From patchwork Tue Aug 25 21:01:26 2020
X-Patchwork-Submitter: Paul Cercueil
X-Patchwork-Id: 11736775
From: Paul Cercueil
To: Nick Terrell, Thomas Bogendoerfer
Cc: linux-mips@vger.kernel.org, linux-kernel@vger.kernel.org, od@zcrc.me, Paul Cercueil
Subject: [PATCH v2 1/2] lib: decompress_unzstd: Limit output size
Date: Tue, 25 Aug 2020 23:01:26 +0200
Message-Id: <20200825210127.17850-1-paul@crapouillou.net>

The zstd decompression code, as it is right now, will have internal values overflow on 32-bit systems when the output size is bigger than 1 GiB.

Until someone smarter than me can figure out how to fix the zstd code properly, limit the destination buffer size to 1 GiB, which should be enough for everybody, in order to make it usable on 32-bit systems.

Signed-off-by: Paul Cercueil
Reviewed-by: Nick Terrell
---
Notes:
    v2: Change limit to 1 GiB

lib/decompress_unzstd.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/decompress_unzstd.c b/lib/decompress_unzstd.c index 0ad2c15479ed..414517baedb0 100644 --- a/lib/decompress_unzstd.c +++ b/lib/decompress_unzstd.c @@ -77,6 +77,7 @@ #include #include +#include #include /* 128MB is the maximum window size supported by zstd. */ @@ -179,7 +180,7 @@ static int INIT __unzstd(unsigned char *in_buf, long in_len, size_t ret; if (out_len == 0) - out_len = LONG_MAX; /* no limit */ + out_len = SZ_1G; /* should be big enough, right? */ if (fill == NULL && flush == NULL) /*
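
Review bot: In the second hunk (`@@ -179,7 +180,7 @@`), the 1 GiB cap is applied only inside `if (out_len == 0)`, so a caller that passes a non-zero `out_len` larger than `SZ_1G` still reaches the decompressor with a size the commit message says overflows internal values on 32-bit systems. Consider clamping or rejecting any `out_len` above `SZ_1G` after this check, rather than only replacing the "no limit" default. The new default also applies to 64-bit builds, where the commit message reports no problem; if that is intended, say so in the commit message, otherwise make the cap depend on the word size. The comment `/* should be big enough, right? */` also does not record why the limit exists; state the reason given in the commit message (the 32-bit overflow for outputs bigger than 1 GiB) so the constant is not raised later while the zstd code is still unfixed.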