fs: ubifs: Fix UBIFS decompression on 64 bit

Add local size_t variable to crypto_comp_decompress as intermediate
storage for destination length to avoid memory corruption and incorrect
results on 64 bit targets.

This is what linux does for the various lz compression implementations.

Signed-off-by: Paul Davey <paul.davey@alliedtelesis.co.nz>
Cc: Heiko Schocher <hs@denx.de>
Tested-by: Heiko Schocher <hs@denx.de>

diff --git a/fs/ubifs/ubifs.c b/fs/ubifs/ubifs.c
index 47fa41ad1dd329fdc5ee595e0436fd192779d6c6..d5101d3c4594beec93e9caf8b9c15e8359182678 100644 (file)
--- a/fs/ubifs/ubifs.c
+++ b/fs/ubifs/ubifs.c
@@ -125,6 +125,7 @@ crypto_comp_decompress(const struct ubifs_info *c, struct crypto_comp *tfm,
 {
        struct ubifs_compressor *compr = ubifs_compressors[tfm->compressor];
        int err;
+       size_t tmp_len = *dlen;
 
        if (compr->compr_type == UBIFS_COMPR_NONE) {
                memcpy(dst, src, slen);
@@ -132,11 +133,12 @@ crypto_comp_decompress(const struct ubifs_info *c, struct crypto_comp *tfm,
                return 0;
        }
 
-       err = compr->decompress(src, slen, dst, (size_t *)dlen);
+       err = compr->decompress(src, slen, dst, &tmp_len);
        if (err)
                ubifs_err(c, "cannot decompress %d bytes, compressor %s, "
                          "error %d", slen, compr->name, err);
 
+       *dlen = tmp_len;
        return err;
 
        return 0;