Gitiles
Code Review Sign In
gerrit.cesnet.cz / github / trini / u-boot / 499b7493e7a4d8c9171ff14accafe5a5b22cf00c
commit499b7493e7a4d8c9171ff14accafe5a5b22cf00c[log] [tgz]
authorChin Liang See <chin.liang.see@intel.com>Wed Jun 24 16:31:08 2020 +0800
committerTom Rini <trini@konsulko.com>Fri Jul 17 08:51:29 2020 -0400
tree154a93e18a9d1e2e77bbe0066ba7166736cc51b7
parentb4d14bc81ad580000277deae5d51e3e3ef09875f [diff]
lib: zlib: Remove offset pointer optimization in inftrees.c

This fixes the CVE-2016-9840. Commit imported from [1].

inftrees.c was subtracting an offset from a pointer to an array,
in order to provide a pointer that allowed indexing starting at
the offset. This is not compliant with the C standard, for which
the behavior of a pointer decremented before its allocated memory
is undefined. Per the recommendation of a security audit of the
zlib code by Trail of Bits and TrustInSoft, in support of the
Mozilla Foundation, this tiny optimization was removed, in order
to avoid the possibility of undefined behavior.

[1]: https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0

Signed-off-by: Mark Adler <madler@alumni.caltech.edu>
Signed-off-by: Chin Liang See <chin.liang.see@intel.com>
Signed-off-by: Ley Foon Tan <ley.foon.tan@intel.com>
1 file changed
tree: 154a93e18a9d1e2e77bbe0066ba7166736cc51b7
  1. .azure-pipelines.yml
  2. .checkpatch.conf
  3. .gitattributes
  4. .github/
  5. .gitignore
  6. .gitlab-ci.yml
  7. .mailmap
  8. .readthedocs.yml
  9. .travis.yml
  10. Kbuild
  11. Kconfig
  12. Licenses/
  13. MAINTAINERS
  14. Makefile
  15. README
  16. api/
  17. arch/
  18. board/
  19. cmd/
  20. common/
  21. config.mk
  22. configs/
  23. disk/
  24. doc/
  25. drivers/
  26. dts/
  27. env/
  28. examples/
  29. fs/
  30. include/
  31. lib/
  32. net/
  33. post/
  34. scripts/
  35. test/
  36. tools/