
On Wed, Jun 24, 2020 at 04:34:03PM +0800, Ley Foon Tan wrote:
From: Chin Liang See <chin.liang.see@intel.com>
This fixes CVE-2016-9841. Changes integrated from [1], with changes made for the U-Boot code base.
An old inffast.c optimization turns out to not be optimal anymore with modern compilers, and furthermore was not compliant with the C standard, for which decrementing a pointer before its allocated memory is undefined. Per the recommendation of a security audit of the zlib code by Trail of Bits and TrustInSoft, in support of the Mozilla Foundation, this "optimization" was removed, in order to avoid the possibility of undefined behavior.
Signed-off-by: Mark Adler <madler@alumni.caltech.edu>
Signed-off-by: Chin Liang See <chin.liang.see@intel.com>
Signed-off-by: Ley Foon Tan <ley.foon.tan@intel.com>

This breaks the following tests on sandbox:
FAILED test/py/tests/test_efi_fit.py::test_efi_fit_launch - u_boot_spawn.Timeout
FAILED test/py/tests/test_fit.py::test_fit - OSError: [Errno 5] Input/output error