mirror of
https://xff.cz/git/u-boot/
synced 2026-01-26 20:35:22 +01:00
340fdf1303
The patch corresponds to zlib commit at9aaec95e82which declares that it is fixing CVE-2016-9841. Here is c&p description from zlib: "Use post-increment only in inffast.c. An old inffast.c optimization turns out to not be optimal anymore with modern compilers, and furthermore was not compliant with the C standard, for which decrementing a pointer before its allocated memory is undefined. Per the recommendation of a security audit of the zlib code by Trail of Bits and TrustInSoft, in support of the Mozilla Foundation, this "optimization" was removed, in order to avoid the possibility of undefined behavior." Origin patch also updates the code when INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR is present but this code is not the part of U-Boot hence it is ignored. Also do not deal with state->sane variable which requires other changes which are also not the part of zlib. Commit92faa8b109("zlib: handle overflow while calculating available stream input size") is kept in inffast.c too not to break described case. Signed-off-by: Michal Simek <michal.simek@amd.com>