[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v2] libxc: add LZ4 decompression support
>>> On 25.09.13 at 10:06, Yann Collet <yann.collet.73@xxxxxxxxx> wrote: > There are 2 families of decoding functions within LZ4 : > > 1) LZ4_decompress_fast* : These decoding functions must be used with > trusted sources only. They only guarantee that they will write exactly the > size of output buffer, but cannot guarantee anything regarding input > buffer, since its size is unknown. (by the way, the amount of bytes read > into input buffer is the result of the function). > > 2) LZ4_decompress_safe* : These decoding functions are protected against > malicious input. It resists fuzzer attack. This is the recommended choice > for "general decompression usage". > > Looking at the kernel code, at > https://github.com/torvalds/linux/blob/master/lib/lz4/lz4_decompress.c > the naming seems different, but both variants are still there : > > lz4_decompress is the equivalent of LZ4_decompress_fast. > lz4_decompress_unknownoutputsize is the equivalent of LZ4_decompress_safe. > > I would recommend to use the second one for untrusted sources. Ah, okay. Will re-do the DomU patch then. Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |