On Thu, Mar 12, 2015 at 08:28:55AM +0000, Yeon, JeHyeon (Tom) wrote: > If the part of the compression data are corrupted, or the compression > data is totally fake, the memory access over the limit is possible. > > This is the log from my system usning lz4 decompression. > [6502]data abort, halting > [6503]r0 0x00000000 r1 0x00000000 r2 0xdcea0ffc r3 0xdcea0ffc > [6509]r4 0xb9ab0bfd r5 0xdcea0ffc r6 0xdcea0ff8 r7 0xdce80000 > [6515]r8 0x00000000 r9 0x00000000 r10 0x00000000 r11 0xb9a98000 > [6522]r12 0xdcea1000 usp 0x00000000 ulr 0x00000000 pc 0x820149bc > [6528]spsr 0x400001f3 > and the memory addresses of some variables at the moment are > ref:0xdcea0ffc, op:0xdcea0ffc, oend:0xdcea1000 > > As you can see, COPYLENGH is 8bytes, so @ref and @op can access the momory > over @oend. > > Signed-off-by: tom.yeon <tom.y...@windriver.com>
I need a "real" name here, I somehow doubt that your government documents has your name as "tom.yeon", right? Please fix this up and resend so that I can apply it. thanks, greg k-h -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/