mirror/u-boot-2016
1
0
Fork 0
mirror of https://git.codelinaro.org/clo/qsdk/oss/boot/u-boot-2016.git synced 2026-03-14 21:10:27 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
u-boot-2016/lib/zlib
History
Chin Liang See cbe64dd980 lib/zlib: Remove offset pointer optimization 
This fixes the CVE-2016-9840. Commit imported from [1].

inftrees.c was subtracting an offset from a pointer to an array,
in order to provide a pointer that allowed indexing starting at
the offset. This is not compliant with the C standard, for which
the behavior of a pointer decremented before its allocated memory
is undefined. Per the recommendation of a security audit of the
zlib code by Trail of Bits and TrustInSoft, in support of the
Mozilla Foundation, this tiny optimization was removed, in order
to avoid the possibility of undefined behavior.

[1]: 6a043145ca

Change-Id: I816eea011f2d22b5a3f1fda8aa672b19ed284932
Signed-off-by: Mark Adler <madler@alumni.caltech.edu>
Signed-off-by: Chin Liang See <chin.liang.see@intel.com>
Signed-off-by: Ley Foon Tan <ley.foon.tan@intel.com>
Signed-off-by: Md Sadre Alam <quic_mdalam@quicinc.com>
2022-11-24 12:47:26 +05:30
..
adler32.c
deflate.c ipq807x: Add support for compressed crashdump collection. 2019-12-23 09:26:21 +05:30
deflate.h
inffast.c
inffast.h
inffixed.h
inflate.c
inflate.h
inftrees.c lib/zlib: Remove offset pointer optimization 2022-11-24 12:47:26 +05:30
inftrees.h
Makefile
trees.c
trees.h
zlib.c
zlib.h
zutil.c Move malloc_cache_aligned() to its own header 2015-09-11 17:15:16 -04:00
zutil.h