On Wed, Jun 24, 2020 at 04:34:03PM +0800, Ley Foon Tan wrote: > From: Chin Liang See <chin.liang....@intel.com> > > This fixes CVE-2016-9841. Changes integrated from [1], with changes > make for Uboot code base. > > An old inffast.c optimization turns out to not be optimal anymore > with modern compilers, and furthermore was not compliant with the > C standard, for which decrementing a pointer before its allocated > memory is undefined. Per the recommendation of a security audit of > the zlib code by Trail of Bits and TrustInSoft, in support of the > Mozilla Foundation, this "optimization" was removed, in order to > avoid the possibility of undefined behavior. > > [1]: > https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb > > Signed-off-by: Mark Adler <mad...@alumni.caltech.edu> > Signed-off-by: Chin Liang See <chin.liang....@intel.com> > Signed-off-by: Ley Foon Tan <ley.foon....@intel.com>
This breaks the following tests on sandbox: FAILED test/py/tests/test_efi_fit.py::test_efi_fit_launch - u_boot_spawn.Timeout FAILED test/py/tests/test_fit.py::test_fit - OSError: [Errno 5] Input/output error -- Tom
signature.asc
Description: PGP signature