u-boot/lib/zlib
Chin Liang See 499b7493e7 lib: zlib: Remove offset pointer optimization in inftrees.c
This fixes the CVE-2016-9840. Commit imported from [1].

inftrees.c was subtracting an offset from a pointer to an array,
in order to provide a pointer that allowed indexing starting at
the offset. This is not compliant with the C standard, for which
the behavior of a pointer decremented before its allocated memory
is undefined. Per the recommendation of a security audit of the
zlib code by Trail of Bits and TrustInSoft, in support of the
Mozilla Foundation, this tiny optimization was removed, in order
to avoid the possibility of undefined behavior.

[1]: 6a043145ca

Signed-off-by: Mark Adler <madler@alumni.caltech.edu>
Signed-off-by: Chin Liang See <chin.liang.see@intel.com>
Signed-off-by: Ley Foon Tan <ley.foon.tan@intel.com>
2020-07-17 08:51:29 -04:00
..
adler32.c
deflate.c crc32: Use the crc.h header for crc functions 2019-12-02 18:23:08 -05:00
deflate.h
inffast.c Use correct spelling of "U-Boot" 2016-02-06 12:00:59 +01:00
inffast.h
inffixed.h
inflate.c
inflate.h
inftrees.c lib: zlib: Remove offset pointer optimization in inftrees.c 2020-07-17 08:51:29 -04:00
inftrees.h
Makefile SPDX: Convert all of our single license tags to Linux Kernel style 2018-05-07 09:34:12 -04:00
trees.c lib: zlib: fix formatting, reference 2020-04-27 14:55:29 -04:00
trees.h
zlib.c
zlib.h
zutil.c common: Move hang() to the same header as panic() 2020-01-17 17:53:40 -05:00
zutil.h Use correct spelling of "U-Boot" 2016-02-06 12:00:59 +01:00