[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v2] libxc: add LZ4 decompression support



>>> On 25.09.13 at 10:06, Yann Collet <yann.collet.73@xxxxxxxxx> wrote:
> There are 2 families of decoding functions within LZ4 :
> 
> 1) LZ4_decompress_fast* : These decoding functions must be used with
> trusted sources only. They only guarantee that they will write exactly the
> size of output buffer, but cannot guarantee anything regarding input
> buffer, since its size is unknown. (by the way, the amount of bytes read
> into input buffer is the result of the function).
> 
> 2) LZ4_decompress_safe* : These decoding functions are protected against
> malicious input. It resists fuzzer attack. This is the recommended choice
> for "general decompression usage".
> 
> Looking at the kernel code, at
> https://github.com/torvalds/linux/blob/master/lib/lz4/lz4_decompress.c 
> the naming seems different, but both variants are still there :
> 
> lz4_decompress is the equivalent of LZ4_decompress_fast.
> lz4_decompress_unknownoutputsize is the equivalent of LZ4_decompress_safe.
> 
> I would recommend to use the second one for untrusted sources.

Ah, okay. Will re-do the DomU patch then.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.