diff options
author | Ian Jackson <Ian.Jackson@eu.citrix.com> | 2012-10-26 11:39:42 +0100 |
---|---|---|
committer | Ian Jackson <Ian.Jackson@eu.citrix.com> | 2012-10-26 11:39:42 +0100 |
commit | 160d9bb48519485c7bca72ae405ed1954f4a9fde (patch) | |
tree | fb2127c6a32a7f37b93c058098c279fe4399f10a /tools/libxc/xc_dom_bzimageloader.c | |
parent | b24b8bfa166a9367399102a9332f847a67b9056f (diff) | |
download | xen-160d9bb48519485c7bca72ae405ed1954f4a9fde.tar.gz xen-160d9bb48519485c7bca72ae405ed1954f4a9fde.tar.bz2 xen-160d9bb48519485c7bca72ae405ed1954f4a9fde.zip |
Revert 26109:6ccfe4d29f95
This changeset was contaminated by changes hanging around in my
working tree. Sorry :-(.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Diffstat (limited to 'tools/libxc/xc_dom_bzimageloader.c')
-rw-r--r-- | tools/libxc/xc_dom_bzimageloader.c | 47 |
1 files changed, 4 insertions, 43 deletions
diff --git a/tools/libxc/xc_dom_bzimageloader.c b/tools/libxc/xc_dom_bzimageloader.c index 2b3602fcde..113d40ff2f 100644 --- a/tools/libxc/xc_dom_bzimageloader.c +++ b/tools/libxc/xc_dom_bzimageloader.c @@ -47,7 +47,7 @@ static int xc_try_bzip2_decode( char *out_buf; char *tmp_buf; int retval = -1; - unsigned int outsize; + int outsize; uint64_t total; stream.bzalloc = NULL; @@ -79,17 +79,6 @@ static int xc_try_bzip2_decode( stream.next_out = out_buf; stream.avail_out = dom->kernel_size; - /* - * stream.avail_in is an unsigned int, while kernel_size is a - * size_t. Check we aren't overflowing. - */ - if ( stream.avail_in != dom->kernel_size ) - { - DOMPRINTF("BZIP2: Input too large"); - free(out_buf); - goto bzip2_cleanup; - } - for ( ; ; ) { ret = BZ2_bzDecompress(&stream); @@ -109,20 +98,13 @@ static int xc_try_bzip2_decode( if ( stream.avail_out == 0 ) { /* Protect against output buffer overflow */ - if ( outsize > UINT_MAX / 2 ) + if ( outsize > INT_MAX / 2 ) { DOMPRINTF("BZIP2: output buffer overflow"); free(out_buf); goto bzip2_cleanup; } - if ( xc_dom_kernel_check_size(dom, outsize * 2) ) - { - DOMPRINTF("BZIP2: output too large"); - free(out_buf); - goto bzip2_cleanup; - } - tmp_buf = realloc(out_buf, outsize * 2); if ( tmp_buf == NULL ) { @@ -190,7 +172,7 @@ static int _xc_try_lzma_decode( unsigned char *out_buf; unsigned char *tmp_buf; int retval = -1; - size_t outsize; + int outsize; const char *msg; /* sigh. We don't know up-front how much memory we are going to need @@ -262,20 +244,13 @@ static int _xc_try_lzma_decode( if ( stream->avail_out == 0 ) { /* Protect against output buffer overflow */ - if ( outsize > SIZE_MAX / 2 ) + if ( outsize > INT_MAX / 2 ) { DOMPRINTF("%s: output buffer overflow", what); free(out_buf); goto lzma_cleanup; } - if ( xc_dom_kernel_check_size(dom, outsize * 2) ) - { - DOMPRINTF("%s: output too large", what); - free(out_buf); - goto lzma_cleanup; - } - tmp_buf = realloc(out_buf, outsize * 2); if ( tmp_buf == NULL ) { @@ -384,12 +359,6 @@ static int xc_try_lzo1x_decode( 0x89, 0x4c, 0x5a, 0x4f, 0x00, 0x0d, 0x0a, 0x1a, 0x0a }; - /* - * lzo_uint should match size_t. Check that this is the case to be - * sure we won't overflow various lzo_uint fields. - */ - XC_BUILD_BUG_ON(sizeof(lzo_uint) != sizeof(size_t)); - ret = lzo_init(); if ( ret != LZO_E_OK ) { @@ -469,14 +438,6 @@ static int xc_try_lzo1x_decode( if ( src_len <= 0 || src_len > dst_len || src_len > left ) break; - msg = "Output buffer overflow"; - if ( *size > SIZE_MAX - dst_len ) - break; - - msg = "Decompressed image too large"; - if ( xc_dom_kernel_check_size(dom, *size + dst_len) ) - break; - msg = "Failed to (re)alloc memory"; tmp_buf = realloc(out_buf, *size + dst_len); if ( tmp_buf == NULL ) |