authorIan Jackson <Ian.Jackson@eu.citrix.com>2012-10-26 11:39:42 +0100
committerIan Jackson <Ian.Jackson@eu.citrix.com>2012-10-26 11:39:42 +0100
commit160d9bb48519485c7bca72ae405ed1954f4a9fde (patch)
treefb2127c6a32a7f37b93c058098c279fe4399f10a /tools/libxc/xc_dom_bzimageloader.c
parentb24b8bfa166a9367399102a9332f847a67b9056f (diff)
Revert 26109:6ccfe4d29f95
This changeset was contaminated by changes hanging around in my working tree. Sorry :-(. Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Diffstat (limited to 'tools/libxc/xc_dom_bzimageloader.c')
-rw-r--r--tools/libxc/xc_dom_bzimageloader.c47
1 files changed, 4 insertions, 43 deletions
diff --git a/tools/libxc/xc_dom_bzimageloader.c b/tools/libxc/xc_dom_bzimageloader.c
index 2b3602fcde..113d40ff2f 100644
--- a/tools/libxc/xc_dom_bzimageloader.c
+++ b/tools/libxc/xc_dom_bzimageloader.c
@@ -47,7 +47,7 @@ static int xc_try_bzip2_decode(
char *out_buf;
char *tmp_buf;
int retval = -1;
- unsigned int outsize;
+ int outsize;
uint64_t total;
stream.bzalloc = NULL;
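Review bot: `int outsize;` makes the output-buffer size a signed counter, and the LZMA decoder's declaration gets the same change in the `@@ -190,7 +172,7 @@` hunk. The initialisation of `outsize` is outside this hunk, but if it is taken from `dom->kernel_size` (a size_t according to the comment removed in the next hunk), a value above INT_MAX converts to a negative number, passes the later `outsize > INT_MAX / 2` guard and reaches `realloc(out_buf, outsize * 2)` with a negative or overflowed argument. An unsigned size type removes that case: `size_t outsize;` with the guard written as `outsize > SIZE_MAX / 2`. The function body starts and ends outside the hunk.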
@@ -79,17 +79,6 @@ static int xc_try_bzip2_decode(
stream.next_out = out_buf;
stream.avail_out = dom->kernel_size;
- /*
- * stream.avail_in is an unsigned int, while kernel_size is a
- * size_t. Check we aren't overflowing.
- */
- if ( stream.avail_in != dom->kernel_size )
- {
- DOMPRINTF("BZIP2: Input too large");
- free(out_buf);
- goto bzip2_cleanup;
- }
-
for ( ; ; )
{
ret = BZ2_bzDecompress(&stream);
@@ -109,20 +98,13 @@ static int xc_try_bzip2_decode(
if ( stream.avail_out == 0 )
{
/* Protect against output buffer overflow */
- if ( outsize > UINT_MAX / 2 )
+ if ( outsize > INT_MAX / 2 )
{
DOMPRINTF("BZIP2: output buffer overflow");
free(out_buf);
goto bzip2_cleanup;
}
- if ( xc_dom_kernel_check_size(dom, outsize * 2) )
- {
- DOMPRINTF("BZIP2: output too large");
- free(out_buf);
- goto bzip2_cleanup;
- }
-
tmp_buf = realloc(out_buf, outsize * 2);
if ( tmp_buf == NULL )
{
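Review bot: With the `xc_dom_kernel_check_size(dom, outsize * 2)` call gone, the only limit on this doubling path is `outsize > INT_MAX / 2`, so a small compressed image can grow the buffer to roughly INT_MAX bytes before decoding stops; the LZMA hunk at `@@ -262,20 +244,13 @@` and the LZO hunk at `@@ -469,14 +438,6 @@` lose the same bound. If the kernel image can come from a party less trusted than the process running the decoder, that is a memory-exhaustion path, so the cap is worth restoring in a clean follow-up change. The LZO hunk also drops the wraparound test in front of `realloc(out_buf, *size + dst_len)`, which does not depend on any size policy and could be kept on its own as `if ( *size > SIZE_MAX - dst_len ) break;` after setting `msg`. The declarations of `*size` and `dst_len` are not visible here, so their types should be confirmed first. The `if` body opened on the last line continues outside this hunk.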
@@ -190,7 +172,7 @@ static int _xc_try_lzma_decode(
unsigned char *out_buf;
unsigned char *tmp_buf;
int retval = -1;
- size_t outsize;
+ int outsize;
const char *msg;
/* sigh. We don't know up-front how much memory we are going to need
@@ -262,20 +244,13 @@ static int _xc_try_lzma_decode(
if ( stream->avail_out == 0 )
{
/* Protect against output buffer overflow */
- if ( outsize > SIZE_MAX / 2 )
+ if ( outsize > INT_MAX / 2 )
{
DOMPRINTF("%s: output buffer overflow", what);
free(out_buf);
goto lzma_cleanup;
}
- if ( xc_dom_kernel_check_size(dom, outsize * 2) )
- {
- DOMPRINTF("%s: output too large", what);
- free(out_buf);
- goto lzma_cleanup;
- }
-
tmp_buf = realloc(out_buf, outsize * 2);
if ( tmp_buf == NULL )
{
@@ -384,12 +359,6 @@ static int xc_try_lzo1x_decode(
0x89, 0x4c, 0x5a, 0x4f, 0x00, 0x0d, 0x0a, 0x1a, 0x0a
};
- /*
- * lzo_uint should match size_t. Check that this is the case to be
- * sure we won't overflow various lzo_uint fields.
- */
- XC_BUILD_BUG_ON(sizeof(lzo_uint) != sizeof(size_t));
-
ret = lzo_init();
if ( ret != LZO_E_OK )
{
@@ -469,14 +438,6 @@ static int xc_try_lzo1x_decode(
if ( src_len <= 0 || src_len > dst_len || src_len > left )
break;
- msg = "Output buffer overflow";
- if ( *size > SIZE_MAX - dst_len )
- break;
-
- msg = "Decompressed image too large";
- if ( xc_dom_kernel_check_size(dom, *size + dst_len) )
- break;
-
msg = "Failed to (re)alloc memory";
tmp_buf = realloc(out_buf, *size + dst_len);
if ( tmp_buf == NULL )