On Fri, Jul 17, 2020 at 9:29 PM Tom Rini trini@konsulko.com wrote:
On Wed, Jun 24, 2020 at 04:34:03PM +0800, Ley Foon Tan wrote:
From: Chin Liang See chin.liang.see@intel.com
This fixes CVE-2016-9841. Changes integrated from [1], with changes make for Uboot code base.
An old inffast.c optimization turns out to not be optimal anymore with modern compilers, and furthermore was not compliant with the C standard, for which decrementing a pointer before its allocated memory is undefined. Per the recommendation of a security audit of the zlib code by Trail of Bits and TrustInSoft, in support of the Mozilla Foundation, this "optimization" was removed, in order to avoid the possibility of undefined behavior.
Signed-off-by: Mark Adler madler@alumni.caltech.edu Signed-off-by: Chin Liang See chin.liang.see@intel.com Signed-off-by: Ley Foon Tan ley.foon.tan@intel.com
This breaks the following tests on sandbox: FAILED test/py/tests/test_efi_fit.py::test_efi_fit_launch - u_boot_spawn.Timeout FAILED test/py/tests/test_fit.py::test_fit - OSError: [Errno 5] Input/output error
Hi Tom
I have tried to run the sandtest, but it failed in different test cases. I am run this command "./test/py/test.py --bd sandbox --build". Error log at bottom of email.
Found that https://gitlab.denx.de/u-boot/u-boot/-/blob/master/lib/zlib/zlib.h always "#undef POSTINC", it is mean that U-boot can only support pre-increment? I have tried changing "#undef POSTINC" to "define POSTINC" and without this patch, the test failed at the same location. So, the failure is not caused by this patch. Note, this patch mainly changes to support post-increment only.
Any suggestion to fix this?
Regards Ley Foon
----------------- test/py/tests/test_fs/test_squashfs/test_sqfs_load.py F [ 0%] test/py/tests/test_fs/test_squashfs/test_sqfs_ls.py F
====================================================== FAILURES ====================================================== ___________________________________________________ test_sqfs_load ___________________________________________________
u_boot_console = <u_boot_console_sandbox.ConsoleSandbox object at 0x7f788515dd60>
@pytest.mark.boardspec('sandbox') @pytest.mark.buildconfigspec('cmd_fs_generic') @pytest.mark.buildconfigspec('cmd_squashfs') @pytest.mark.buildconfigspec('fs_squashfs') @pytest.mark.requiredtool('mksquashfs') def test_sqfs_load(u_boot_console): build_dir = u_boot_console.config.build_dir command = "sqfsload host 0 $kernel_addr_r "
for opt in comp_opts: # generate and load the squashfs image try: opt.gen_image(build_dir) except RuntimeError: opt.clean_source(build_dir) # skip unsupported compression types continue
path = os.path.join(build_dir, "sqfs-" + opt.name) output = u_boot_console.run_command("host bind 0 " + path)
output = u_boot_console.run_command(command + "xxx")
test/py/tests/test_fs/test_squashfs/test_sqfs_load.py:30: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ test/py/u_boot_console_base.py:205: in run_command m = self.p.expect([self.prompt_compiled] + self.bad_patterns) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <u_boot_spawn.Spawn object at 0x7f7884ba9d00> patterns = [re.compile('^=>\ ', re.MULTILINE), re.compile('(U-Boot SPL \d{4}\.\d{2}[^\r\n]*\))'), re.compile('(U-Boot SPL \...d{2}[^\r\n]*\))'), re.compile('Hit any key to stop autoboot: '), re.compile("Unknown command '.*' - try 'help'"), ...]
def expect(self, patterns): """Wait for the sub-process to emit specific data.
This function waits for the process to emit one pattern from the supplied list of patterns, or for a timeout to occur.
Args: patterns: A list of strings or regex objects that we expect to see in the sub-process' stdout.
Returns: The index within the patterns array of the pattern the process emitted.
Notable exceptions: Timeout, if the process did not emit any of the patterns within the expected time. """
for pi in range(len(patterns)): if type(patterns[pi]) == type(''): patterns[pi] = re.compile(patterns[pi])
tstart_s = time.time() try: while True: earliest_m = None earliest_pi = None for pi in range(len(patterns)): pattern = patterns[pi] m = pattern.search(self.buf) if not m: continue if earliest_m and m.start() >= earliest_m.start(): continue earliest_m = m earliest_pi = pi if earliest_m: pos = earliest_m.start() posafter = earliest_m.end() self.before = self.buf[:pos] self.after = self.buf[pos:posafter] self.output += self.buf[:posafter] self.buf = self.buf[posafter:] return earliest_pi tnow_s = time.time() if self.timeout: tdelta_ms = (tnow_s - tstart_s) * 1000 poll_maxwait = self.timeout - tdelta_ms if tdelta_ms > self.timeout: raise Timeout() else: poll_maxwait = None events = self.poll.poll(poll_maxwait) if not events: raise Timeout()
c = os.read(self.fd, 1024).decode(errors='replace')
E OSError: [Errno 5] Input/output error
test/py/u_boot_spawn.py:171: OSError ------------------------------------------------ Captured stdout call ------------------------------------------------ Parallel mksquashfs: Using 1 processor Creating 4.0 filesystem on /home/lftan/git/u-boot/build-sandbox/sqfs-gzip, block size 4096. [===================================================================|] 4/4 100%
Exportable Squashfs 4.0 filesystem, gzip compressed, data block size 4096 compressed data, compressed metadata, compressed fragments, compressed xattrs, compressed ids duplicates are removed Filesystem size 6.97 Kbytes (0.01 Mbytes) 73.37% of uncompressed filesystem size (9.50 Kbytes) Inode table size 98 bytes (0.10 Kbytes) 57.31% of uncompressed inode table size (171 bytes) Directory table size 55 bytes (0.05 Kbytes) 72.37% of uncompressed directory table size (76 bytes) Number of duplicate files found 0 Number of inodes 5 Number of files 3 Number of fragments 1 Number of symbolic links 1 Number of device nodes 0 Number of fifo nodes 0 Number of socket nodes 0 Number of directories 1 Number of ids (unique uids + gids) 1 Number of uids 1 lftan (1000) Number of gids 1 lftan (1000) => host bind 0 /home/lftan/git/u-boot/build-sandbox/sqfs-gzip => => sqfsload host 0 $kernel_addr_r xxx Error: corrupted compressed data. ____________________________________________________ test_sqfs_ls ____________________________________________________
u_boot_console = <u_boot_console_sandbox.ConsoleSandbox object at 0x7f788515dd60>
@pytest.mark.boardspec('sandbox') @pytest.mark.buildconfigspec('cmd_fs_generic') @pytest.mark.buildconfigspec('cmd_squashfs') @pytest.mark.buildconfigspec('fs_squashfs') @pytest.mark.requiredtool('mksquashfs') def test_sqfs_ls(u_boot_console): build_dir = u_boot_console.config.build_dir for opt in comp_opts: try:
opt.gen_image(build_dir)
test/py/tests/test_fs/test_squashfs/test_sqfs_ls.py:18: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <sqfs_common.Compression object at 0x7f7884c986a0>, build_dir = '/home/lftan/git/u-boot/build-sandbox'
def gen_image(self, build_dir): src = os.path.join(build_dir, "sqfs_src/")
os.mkdir(src)
E FileExistsError: [Errno 17] File exists: '/home/lftan/git/u-boot/build-sandbox/sqfs_src/'
test/py/tests/test_fs/test_squashfs/sqfs_common.py:35: FileExistsError ----------------------------------------------- Captured stdout setup ------------------------------------------------ /u-boot
U-Boot 2020.10-00718-g0f35d96bfd-dirty (Oct 16 2020 - 04:30:45 +0800)
Model: sandbox DRAM: 128 MiB WDT: Started with servicing (60s timeout) MMC: mmc2: 2 (SD), mmc1: 1 (SD), mmc0: 0 (SD) In: serial Out: vidconsole Err: vidconsole Model: sandbox SCSI: Net: eth0: eth@10002000, eth5: eth@10003000, eth3: sbe5, eth6: eth@10004000 Hit any key to stop autoboot: 0 => =============================== 2 failed, 641 passed, 88 skipped in 113.21s (0:01:53) ================================