[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150313112246.GH20767@twin.jikos.cz>
Date: Fri, 13 Mar 2015 12:22:46 +0100
From: David Sterba <dsterba@...e.cz>
To: "Yeon, JeHyeon (Tom)" <Tom.Yeon@...driver.com>
Cc: "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: LZ4 : fix the data abort issue.
On Thu, Mar 12, 2015 at 08:28:55AM +0000, Yeon, JeHyeon (Tom) wrote:
> If the part of the compression data are corrupted, or the compression
> data is totally fake, the memory access over the limit is possible.
>
> This is the log from my system usning lz4 decompression.
> [6502]data abort, halting
> [6503]r0 0x00000000 r1 0x00000000 r2 0xdcea0ffc r3 0xdcea0ffc
> [6509]r4 0xb9ab0bfd r5 0xdcea0ffc r6 0xdcea0ff8 r7 0xdce80000
> [6515]r8 0x00000000 r9 0x00000000 r10 0x00000000 r11 0xb9a98000
> [6522]r12 0xdcea1000 usp 0x00000000 ulr 0x00000000 pc 0x820149bc
> [6528]spsr 0x400001f3
> and the memory addresses of some variables at the moment are
> ref:0xdcea0ffc, op:0xdcea0ffc, oend:0xdcea1000
>
> As you can see, COPYLENGH is 8bytes, so @ref and @op can access the momory
> over @oend.
>
> Signed-off-by: tom.yeon <tom.yeon@...driver.com>
Reviewed-by: David Sterba <dsterba@...e.cz>
Matches implementation in lz4 upstream.
Btw, why is it a reply and not a standalone patch? I don't seem to find
any prior message in relevant mailinglists.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists