rpms
/
uboot-tools
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

- Fixes for Pine64 Pinebook Pro 

- Fix for CVE-2022-30767 (NFSv2)
- Fix for CVE-2018-25032 (zlib)
This commit is contained in:
Peter Robinson 2022-06-12 18:07:07 +01:00
parent ab63b19049
commit ac871938d3
5 changed files with 542 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
0001-Revert-spi-spi-uclass-Add-support-to-manually-reloca.patch
View File

@ -1,53 +0,0 @@
From 1c56fc2835e10cdc039a4c1d049c1a6978e036f3 Mon Sep 17 00:00:00 2001
From: Peter Robinson <pbrobinson@gmail.com>
Date: Thu, 22 Jul 2021 16:22:48 +0100
Subject: [PATCH] Revert "spi: spi-uclass: Add support to manually relocate spi
memory ops"
This reverts commit 346df7d4fa62afc578d820b3a18815eec765074f.
This patch broke booting Rockchip systems from U-Boot residing on SPI
flash, for at least the Pinebook Pro and Rockpro64, and also confirmed
with the not yet upstream Helios64.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Cc: T Karthik Reddy <t.karthik.reddy@xilinx.com>
Cc: Ashok Reddy Soma <ashok.reddy.soma@xilinx.com>
Cc: Michal Simek <michal.simek@xilinx.com>
Cc: Pratyush Yadav <p.yadav@ti.com>
---
drivers/spi/spi-uclass.c | 11 -----------
1 file changed, 11 deletions(-)
diff --git a/drivers/spi/spi-uclass.c b/drivers/spi/spi-uclass.c
index d867b27806..ec7f4652b3 100644
--- a/drivers/spi/spi-uclass.c
+++ b/drivers/spi/spi-uclass.c
@@ -11,7 +11,6 @@
#include <log.h>
#include <malloc.h>
#include <spi.h>
-#include <spi-mem.h>
#include <dm/device_compat.h>
#include <asm/global_data.h>
#include <dm/device-internal.h>
@@ -200,16 +199,6 @@ static int spi_post_probe(struct udevice *bus)
ops->set_mode += gd->reloc_off;
if (ops->cs_info)
ops->cs_info += gd->reloc_off;
- if (ops->mem_ops) {
- struct spi_controller_mem_ops *mem_ops =
- (struct spi_controller_mem_ops *)ops->mem_ops;
- if (mem_ops->adjust_op_size)
- mem_ops->adjust_op_size += gd->reloc_off;
- if (mem_ops->supports_op)
- mem_ops->supports_op += gd->reloc_off;
- if (mem_ops->exec_op)
- mem_ops->exec_op += gd->reloc_off;
- }
reloc_done++;
}
#endif
--
2.31.1

43
CVE-2022-30767.patch Normal file
View File

@ -0,0 +1,43 @@
From bdbf7a05e26f3c5fd437c99e2755ffde186ddc80 Mon Sep 17 00:00:00 2001
From: Andrea zi0Black Cappa <zi0Black@protonmail.com>
Date: Wed, 18 May 2022 16:30:08 +0000
Subject: [PATCH] net: nfs: Fix CVE-2022-30767 (old CVE-2019-14196)
This patch mitigates the vulnerability identified via CVE-2019-14196.
The previous patch was bypassed/ineffective, and now the vulnerability
is identified via CVE-2022-30767. The patch removes the sanity check
introduced to mitigate CVE-2019-14196 since it's ineffective.
filefh3_length is changed to unsigned type integer, preventing negative
numbers from being used during comparison with positive values during
size sanity checks.
Signed-off-by: Andrea zi0Black Cappa <zi0Black@protonmail.com>
---
net/nfs.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/net/nfs.c b/net/nfs.c
index 3c01cebd96..9152ab742e 100644
--- a/net/nfs.c
+++ b/net/nfs.c
@@ -52,7 +52,7 @@ static const ulong nfs_timeout = CONFIG_NFS_TIMEOUT;
static char dirfh[NFS_FHSIZE]; /* NFSv2 / NFSv3 file handle of directory */
static char filefh[NFS3_FHSIZE]; /* NFSv2 / NFSv3 file handle */
-static int filefh3_length; /* (variable) length of filefh when NFSv3 */
+static unsigned int filefh3_length; /* (variable) length of filefh when NFSv3 */
static enum net_loop_state nfs_download_state;
static struct in_addr nfs_server_ip;
@@ -573,8 +573,6 @@ static int nfs_lookup_reply(uchar *pkt, unsigned len)
filefh3_length = ntohl(rpc_pkt.u.reply.data[1]);
if (filefh3_length > NFS3_FHSIZE)
filefh3_length = NFS3_FHSIZE;
- if (((uchar *)&(rpc_pkt.u.reply.data[0]) - (uchar *)(&rpc_pkt) + filefh3_length) > len)
- return -NFS_RPC_DROP;
memcpy(filefh, rpc_pkt.u.reply.data + 2, filefh3_length);
}
--
GitLab

107
rockchip-pbp-fixes.patch Normal file
View File

@ -0,0 +1,107 @@
From 2d9350c50a9659cc2a247cdea07f0eacffa3cb32 Mon Sep 17 00:00:00 2001
From: Peter Robinson <pbrobinson@gmail.com>
Date: Sun, 12 Jun 2022 14:44:44 +0100
Subject: [PATCH] rockchip: pinebook-pro: minor SPI flash fixes
Set a default offset for environment so it doesn't write it to
unexpected locations, drop unneeded mtd config option.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
---
configs/pinebook-pro-rk3399_defconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configs/pinebook-pro-rk3399_defconfig b/configs/pinebook-pro-rk3399_defconfig
index 8ca1d0708f9..aaa52c6ea70 100644
--- a/configs/pinebook-pro-rk3399_defconfig
+++ b/configs/pinebook-pro-rk3399_defconfig
@@ -4,6 +4,7 @@
CONFIG_SYS_TEXT_BASE=0x00200000
CONFIG_NR_DRAM_BANKS=1
CONFIG_ENV_SIZE=0x8000
+CONFIG_ENV_OFFSET=0x3F8000
CONFIG_DEFAULT_DEVICE_TREE="rk3399-pinebook-pro"
CONFIG_ROCKCHIP_RK3399=y
CONFIG_TARGET_PINEBOOK_PRO_RK3399=y
@@ -21,7 +22,6 @@
# CONFIG_SPL_RAW_IMAGE_SUPPORT is not set
CONFIG_SPL_STACK_R=y
CONFIG_SPL_STACK_R_MALLOC_SIMPLE_LEN=0x10000
-CONFIG_SPL_MTD_SUPPORT=y
CONFIG_SPL_SPI_LOAD=y
CONFIG_TPL=y
CONFIG_CMD_BOOTZ=y
--
2.36.1
From 8bca90472e0d71e5344711b6f5fe8dc95e19af5a Mon Sep 17 00:00:00 2001
From: Peter Robinson <pbrobinson@gmail.com>
Date: Sun, 12 Jun 2022 15:12:47 +0100
Subject: [PATCH] rockchip: pinebook-pro: sync PBP dtb to 5.18
Sync the pinebook pro to upstream 5.18, in particular this brings
brings in a fix so the DP is disabled so Linux will actually boot.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
---
arch/arm/dts/rk3399-pinebook-pro.dts | 11 +++--------
1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/arch/arm/dts/rk3399-pinebook-pro.dts b/arch/arm/dts/rk3399-pinebook-pro.dts
index 2b5f001ff4a..d6b68d77d63 100644
--- a/arch/arm/dts/rk3399-pinebook-pro.dts
+++ b/arch/arm/dts/rk3399-pinebook-pro.dts
@@ -17,6 +17,7 @@
/ {
model = "Pine64 Pinebook Pro";
compatible = "pine64,pinebook-pro", "rockchip,rk3399";
+ chassis-type = "laptop";
aliases {
mmc0 = &sdio0;
@@ -242,12 +243,12 @@
vdd_log: vdd-log {
compatible = "pwm-regulator";
pwms = <&pwm2 0 25000 1>;
+ pwm-supply = <&vcc_sysin>;
regulator-name = "vdd_log";
regulator-always-on;
regulator-boot-on;
regulator-min-microvolt = <800000>;
regulator-max-microvolt = <1400000>;
- vin-supply = <&vcc_sysin>;
regulator-state-mem {
regulator-on-in-suspend;
@@ -385,10 +386,6 @@
};
};
-&cdn_dp {
- status = "okay";
-};
-
&cpu_b0 {
cpu-supply = <&vdd_cpu_b>;
};
@@ -475,8 +472,6 @@
vcc10-supply = <&vcc_sysin>;
vcc11-supply = <&vcc_sysin>;
vcc12-supply = <&vcc3v3_sys>;
- vcc13-supply = <&vcc_sysin>;
- vcc14-supply = <&vcc_sysin>;
regulators {
/* rk3399 center logic supply */
@@ -711,7 +706,7 @@
connector {
compatible = "usb-c-connector";
- data-role = "host";
+ data-role = "dual";
label = "USB-C";
op-sink-microwatt = <1000000>;
power-role = "dual";
--
2.36.1

13
uboot-tools.spec
View File

@ -3,7 +3,7 @@
Name: uboot-tools
Version: 2022.04
Release: 1%{?candidate:.%{candidate}}%{?dist}
Release: 2%{?candidate:.%{candidate}}%{?dist}
Summary: U-Boot utilities
License: GPLv2+ BSD LGPL-2.1+ LGPL-2.0+
URL: http://www.denx.de/wiki/U-Boot
@ -23,8 +23,10 @@ Patch3: rpi-Enable-using-the-DT-provided-by-the-Raspberry-Pi.patch
Patch4: rpi-fallback-to-max-clock-for-mmc.patch
Patch5: rpi-bcm2835_sdhost-firmware-managed-clock.patch
# Rockchips improvements
Patch8: 0001-Revert-spi-spi-uclass-Add-support-to-manually-reloca.patch
Patch9: rockchip-Add-initial-support-for-the-PinePhone-Pro.patch
Patch7: rockchip-Add-initial-support-for-the-PinePhone-Pro.patch
Patch8: rockchip-pbp-fixes.patch
Patch10: CVE-2022-30767.patch
Patch11: zlib-Port-fix-for-CVE-2018-25032-to-U-Boot.patch
BuildRequires: bc
BuildRequires: bison
@ -247,6 +249,11 @@ cp -p board/warp7/README builds/docs/README.warp7
%endif
%changelog
* Sun Jun 12 2022 Peter Robinson <pbrobinson@fedoraproject.org> - 2022.04-2
- Fixes for Pine64 Pinebook Pro
- Fix for CVE-2022-30767 (NFSv2)
- Fix for CVE-2018-25032 (zlib)
* Mon Apr 04 2022 Peter Robinson <pbrobinson@fedoraproject.org> - 2022.04-1
- Update to 2022.04 GA

382
zlib-Port-fix-for-CVE-2018-25032-to-U-Boot.patch Normal file
View File

@ -0,0 +1,382 @@
From patchwork Tue May 10 18:36:59 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Tom Rini <trini@konsulko.com>
X-Patchwork-Id: 1629327
X-Patchwork-Delegate: trini@ti.com
Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de
(client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;
envelope-from=u-boot-bounces@lists.denx.de; receiver=<UNKNOWN>)
Received: from phobos.denx.de (phobos.denx.de
[IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
SHA256)
(No client certificate requested)
by bilbo.ozlabs.org (Postfix) with ESMTPS id 4KyRbn5BX1z9sGD
for <incoming@patchwork.ozlabs.org>; Wed, 11 May 2022 04:37:23 +1000 (AEST)
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
by phobos.denx.de (Postfix) with ESMTP id A92288427E;
Tue, 10 May 2022 20:37:11 +0200 (CEST)
Authentication-Results: phobos.denx.de;
dmarc=fail (p=none dis=none) header.from=konsulko.com
Authentication-Results: phobos.denx.de;
spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Received: by phobos.denx.de (Postfix, from userid 109)
id 5EE118428F; Tue, 10 May 2022 20:37:09 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de
X-Spam-Level:
X-Spam-Status: No, score=-1.4 required=5.0 tests=BAYES_00,
FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS,
RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_PASS,
T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2
Received: from mail-qt1-f170.google.com (mail-qt1-f170.google.com
[209.85.160.170])
(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))
(No client certificate requested)
by phobos.denx.de (Postfix) with ESMTPS id BC6F78425F
for <u-boot@lists.denx.de>; Tue, 10 May 2022 20:37:04 +0200 (CEST)
Authentication-Results: phobos.denx.de;
dmarc=fail (p=none dis=none) header.from=konsulko.com
Authentication-Results: phobos.denx.de;
spf=pass smtp.mailfrom=tom.rini@gmail.com
Received: by mail-qt1-f170.google.com with SMTP id t11so14204577qto.11
for <u-boot@lists.denx.de>; Tue, 10 May 2022 11:37:04 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
:content-transfer-encoding;
bh=GgFA2F9spTDeRgG1dsLXhCI+5ME44EB+UP3kk83/r+w=;
b=zXRRyKVcPVLTBD71EFJ8uajlzRqX7d1i0mFi4MLdw5LEfjtJtJZQd2KHjhXseHEt6+
XxaSQG1Ari1f3adpf7Hsb9AeDE/8GhnOcICHTI+0E3I5Q8OHjkp0EaLnIdRL4Z97HnQf
eCGtIivU6CIxghbp6568d/w6D0mnyUSer35LbNvFlwW85yU1RcYkDauFIzgeBm/1Fdtd
yMZCjr5qDnCiJwYexp6nXQl8o2BoAAfiq+n0g7N3ICV7e5WJtF/eqlmBq1Ms2efxOO3R
d2rbTNK7RYrre27RBiCUN4e9GZVHysh02bfEEXMU1rWycFyb/hJLxvJYjrMGgqnu4nz1
FNHQ==
X-Gm-Message-State: AOAM5309WCz7CJBM2JlQOX65gbWpmgAdZizCBB/LDQr1lGxbGBzhzSrA
CezrRFVNnNFZF/xP4PS2NQYxp/Y9eg==
X-Google-Smtp-Source:
ABdhPJxl7/5tGPSU+8kNV89P2lLdCce/fnYp8Eu6BTaaU6Tpe4ZLkfgOMXgKFOfElwDGofc1XUpPug==
X-Received: by 2002:a05:622a:1aa5:b0:2f3:b433:5dc1 with SMTP id
s37-20020a05622a1aa500b002f3b4335dc1mr20827993qtc.53.1652207823150;
Tue, 10 May 2022 11:37:03 -0700 (PDT)
Received: from bill-the-cat.lan
(2603-6081-7b01-4500-b057-3c7b-12c2-aabf.res6.spectrum.com.
[2603:6081:7b01:4500:b057:3c7b:12c2:aabf])
by smtp.gmail.com with ESMTPSA id
bi5-20020a05620a318500b0069fd12a957bsm4199878qkb.17.2022.05.10.11.37.02
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Tue, 10 May 2022 11:37:02 -0700 (PDT)
From: Tom Rini <trini@konsulko.com>
To: u-boot@lists.denx.de
Cc: "Gan, Yau Wai" <yau.wai.gan@intel.com>
Subject: [PATCH] zlib: Port fix for CVE-2018-25032 to U-Boot
Date: Tue, 10 May 2022 14:36:59 -0400
Message-Id: <20220510183659.1749717-1-trini@konsulko.com>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
<mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
<mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de
X-Virus-Status: Clean
While our copy of zlib is missing upstream commit 263b1a05b04e ("Allow
deflatePrime() to insert bits in the middle of a stream.") we do have
Z_FIXED support, and so the majority of the code changes in 5c44459c3b28
("Fix a bug that can crash deflate on some input when using Z_FIXED.")
apply here directly and cleanly. As this has been assigned a CVE, lets
go and apply these changes.
Link: https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
Reported-by: "Gan, Yau Wai" <yau.wai.gan@intel.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
---
lib/zlib/deflate.c | 64 +++++++++++++++++++++++++++++++++++-----------
lib/zlib/deflate.h | 25 ++++++++----------
lib/zlib/trees.c | 50 ++++++++++--------------------------
3 files changed, 74 insertions(+), 65 deletions(-)
diff --git a/lib/zlib/deflate.c b/lib/zlib/deflate.c
index 63473359e456..4549f4dc12a0 100644
--- a/lib/zlib/deflate.c
+++ b/lib/zlib/deflate.c
@@ -223,11 +223,6 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy,
int wrap = 1;
static const char my_version[] = ZLIB_VERSION;
- ushf *overlay;
- /* We overlay pending_buf and d_buf+l_buf. This works since the average
- * output size for (length,distance) codes is <= 24 bits.
- */
-
if (version == Z_NULL || version[0] != my_version[0] ||
stream_size != sizeof(z_stream)) {
return Z_VERSION_ERROR;
@@ -287,9 +282,47 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy,
s->lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */
- overlay = (ushf *) ZALLOC(strm, s->lit_bufsize, sizeof(ush)+2);
- s->pending_buf = (uchf *) overlay;
- s->pending_buf_size = (ulg)s->lit_bufsize * (sizeof(ush)+2L);
+ /* We overlay pending_buf and sym_buf. This works since the average size
+ * for length/distance pairs over any compressed block is assured to be 31
+ * bits or less.
+ *
+ * Analysis: The longest fixed codes are a length code of 8 bits plus 5
+ * extra bits, for lengths 131 to 257. The longest fixed distance codes are
+ * 5 bits plus 13 extra bits, for distances 16385 to 32768. The longest
+ * possible fixed-codes length/distance pair is then 31 bits total.
+ *
+ * sym_buf starts one-fourth of the way into pending_buf. So there are
+ * three bytes in sym_buf for every four bytes in pending_buf. Each symbol
+ * in sym_buf is three bytes -- two for the distance and one for the
+ * literal/length. As each symbol is consumed, the pointer to the next
+ * sym_buf value to read moves forward three bytes. From that symbol, up to
+ * 31 bits are written to pending_buf. The closest the written pending_buf
+ * bits gets to the next sym_buf symbol to read is just before the last
+ * code is written. At that time, 31*(n-2) bits have been written, just
+ * after 24*(n-2) bits have been consumed from sym_buf. sym_buf starts at
+ * 8*n bits into pending_buf. (Note that the symbol buffer fills when n-1
+ * symbols are written.) The closest the writing gets to what is unread is
+ * then n+14 bits. Here n is lit_bufsize, which is 16384 by default, and
+ * can range from 128 to 32768.
+ *
+ * Therefore, at a minimum, there are 142 bits of space between what is
+ * written and what is read in the overlain buffers, so the symbols cannot
+ * be overwritten by the compressed data. That space is actually 139 bits,
+ * due to the three-bit fixed-code block header.
+ *
+ * That covers the case where either Z_FIXED is specified, forcing fixed
+ * codes, or when the use of fixed codes is chosen, because that choice
+ * results in a smaller compressed block than dynamic codes. That latter
+ * condition then assures that the above analysis also covers all dynamic
+ * blocks. A dynamic-code block will only be chosen to be emitted if it has
+ * fewer bits than a fixed-code block would for the same set of symbols.
+ * Therefore its average symbol length is assured to be less than 31. So
+ * the compressed data for a dynamic block also cannot overwrite the
+ * symbols from which it is being constructed.
+ */
+
+ s->pending_buf = (uchf *) ZALLOC(strm, s->lit_bufsize, 4);
+ s->pending_buf_size = (ulg)s->lit_bufsize * 4;
if (s->window == Z_NULL || s->prev == Z_NULL || s->head == Z_NULL ||
s->pending_buf == Z_NULL) {
@@ -298,8 +331,12 @@ int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy,
deflateEnd (strm);
return Z_MEM_ERROR;
}
- s->d_buf = overlay + s->lit_bufsize/sizeof(ush);
- s->l_buf = s->pending_buf + (1+sizeof(ush))*s->lit_bufsize;
+ s->sym_buf = s->pending_buf + s->lit_bufsize;
+ s->sym_end = (s->lit_bufsize - 1) * 3;
+ /* We avoid equality with lit_bufsize*3 because of wraparound at 64K
+ * on 16 bit machines and because stored blocks are restricted to
+ * 64K-1 bytes.
+ */
s->level = level;
s->strategy = strategy;
@@ -935,7 +972,6 @@ int ZEXPORT deflateCopy (dest, source)
#else
deflate_state *ds;
deflate_state *ss;
- ushf *overlay;
if (source == Z_NULL || dest == Z_NULL || source->state == Z_NULL) {
@@ -955,8 +991,7 @@ int ZEXPORT deflateCopy (dest, source)
ds->window = (Bytef *) ZALLOC(dest, ds->w_size, 2*sizeof(Byte));
ds->prev = (Posf *) ZALLOC(dest, ds->w_size, sizeof(Pos));
ds->head = (Posf *) ZALLOC(dest, ds->hash_size, sizeof(Pos));
- overlay = (ushf *) ZALLOC(dest, ds->lit_bufsize, sizeof(ush)+2);
- ds->pending_buf = (uchf *) overlay;
+ ds->pending_buf = (uchf *) ZALLOC(dest, ds->lit_bufsize, 4);
if (ds->window == Z_NULL || ds->prev == Z_NULL || ds->head == Z_NULL ||
ds->pending_buf == Z_NULL) {
@@ -970,8 +1005,7 @@ int ZEXPORT deflateCopy (dest, source)
zmemcpy(ds->pending_buf, ss->pending_buf, (uInt)ds->pending_buf_size);
ds->pending_out = ds->pending_buf + (ss->pending_out - ss->pending_buf);
- ds->d_buf = overlay + ds->lit_bufsize/sizeof(ush);
- ds->l_buf = ds->pending_buf + (1+sizeof(ush))*ds->lit_bufsize;
+ ds->sym_buf = ds->pending_buf + ds->lit_bufsize;
ds->l_desc.dyn_tree = ds->dyn_ltree;
ds->d_desc.dyn_tree = ds->dyn_dtree;
diff --git a/lib/zlib/deflate.h b/lib/zlib/deflate.h
index cbf0d1ea5d96..4c53b94af0b0 100644
--- a/lib/zlib/deflate.h
+++ b/lib/zlib/deflate.h
@@ -211,7 +211,7 @@ typedef struct internal_state {
/* Depth of each subtree used as tie breaker for trees of equal frequency
*/
- uchf *l_buf; /* buffer for literals or lengths */
+ uchf *sym_buf; /* buffer for distances and literals/lengths */
uInt lit_bufsize;
/* Size of match buffer for literals/lengths. There are 4 reasons for
@@ -233,13 +233,8 @@ typedef struct internal_state {
* - I can't count above 4
*/
- uInt last_lit; /* running index in l_buf */
-
- ushf *d_buf;
- /* Buffer for distances. To simplify the code, d_buf and l_buf have
- * the same number of elements. To use different lengths, an extra flag
- * array would be necessary.
- */
+ uInt sym_next; /* running index in sym_buf */
+ uInt sym_end; /* symbol table full when sym_next reaches this */
ulg opt_len; /* bit length of current block with optimal trees */
ulg static_len; /* bit length of current block with static trees */
@@ -318,20 +313,22 @@ void ZLIB_INTERNAL _tr_stored_block OF((deflate_state *s, charf *buf,
# define _tr_tally_lit(s, c, flush) \
{ uch cc = (c); \
- s->d_buf[s->last_lit] = 0; \
- s->l_buf[s->last_lit++] = cc; \
+ s->sym_buf[s->sym_next++] = 0; \
+ s->sym_buf[s->sym_next++] = 0; \
+ s->sym_buf[s->sym_next++] = cc; \
s->dyn_ltree[cc].Freq++; \
- flush = (s->last_lit == s->lit_bufsize-1); \
+ flush = (s->sym_next == s->sym_end); \
}
# define _tr_tally_dist(s, distance, length, flush) \
{ uch len = (length); \
ush dist = (distance); \
- s->d_buf[s->last_lit] = dist; \
- s->l_buf[s->last_lit++] = len; \
+ s->sym_buf[s->sym_next++] = dist; \
+ s->sym_buf[s->sym_next++] = dist >> 8; \
+ s->sym_buf[s->sym_next++] = len; \
dist--; \
s->dyn_ltree[_length_code[len]+LITERALS+1].Freq++; \
s->dyn_dtree[d_code(dist)].Freq++; \
- flush = (s->last_lit == s->lit_bufsize-1); \
+ flush = (s->sym_next == s->sym_end); \
}
#else
# define _tr_tally_lit(s, c, flush) flush = _tr_tally(s, 0, c)
diff --git a/lib/zlib/trees.c b/lib/zlib/trees.c
index 700c62f6d7b9..970bc5dbc64e 100644
--- a/lib/zlib/trees.c
+++ b/lib/zlib/trees.c
@@ -425,7 +425,7 @@ local void init_block(s)
s->dyn_ltree[END_BLOCK].Freq = 1;
s->opt_len = s->static_len = 0L;
- s->last_lit = s->matches = 0;
+ s->sym_next = s->matches = 0;
}
#define SMALLEST 1
@@ -962,7 +962,7 @@ void ZLIB_INTERNAL _tr_flush_block(s, buf, stored_len, last)
Tracev((stderr, "\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u ",
opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len,
- s->last_lit));
+ s->sym_next / 3));
if (static_lenb <= opt_lenb) opt_lenb = static_lenb;
@@ -1029,8 +1029,9 @@ int ZLIB_INTERNAL _tr_tally (s, dist, lc)
unsigned dist; /* distance of matched string */
unsigned lc; /* match length-MIN_MATCH or unmatched char (if dist==0) */
{
- s->d_buf[s->last_lit] = (ush)dist;
- s->l_buf[s->last_lit++] = (uch)lc;
+ s->sym_buf[s->sym_next++] = dist;
+ s->sym_buf[s->sym_next++] = dist >> 8;
+ s->sym_buf[s->sym_next++] = lc;
if (dist == 0) {
/* lc is the unmatched char */
s->dyn_ltree[lc].Freq++;
@@ -1045,30 +1046,7 @@ int ZLIB_INTERNAL _tr_tally (s, dist, lc)
s->dyn_ltree[_length_code[lc]+LITERALS+1].Freq++;
s->dyn_dtree[d_code(dist)].Freq++;
}
-
-#ifdef TRUNCATE_BLOCK
- /* Try to guess if it is profitable to stop the current block here */
- if ((s->last_lit & 0x1fff) == 0 && s->level > 2) {
- /* Compute an upper bound for the compressed length */
- ulg out_length = (ulg)s->last_lit*8L;
- ulg in_length = (ulg)((long)s->strstart - s->block_start);
- int dcode;
- for (dcode = 0; dcode < D_CODES; dcode++) {
- out_length += (ulg)s->dyn_dtree[dcode].Freq *
- (5L+extra_dbits[dcode]);
- }
- out_length >>= 3;
- Tracev((stderr,"\nlast_lit %u, in %ld, out ~%ld(%ld%%) ",
- s->last_lit, in_length, out_length,
- 100L - out_length*100L/in_length));
- if (s->matches < s->last_lit/2 && out_length < in_length/2) return 1;
- }
-#endif
- return (s->last_lit == s->lit_bufsize-1);
- /* We avoid equality with lit_bufsize because of wraparound at 64K
- * on 16 bit machines and because stored blocks are restricted to
- * 64K-1 bytes.
- */
+ return (s->sym_next == s->sym_end);
}
/* ===========================================================================
@@ -1081,13 +1059,14 @@ local void compress_block(s, ltree, dtree)
{
unsigned dist; /* distance of matched string */
int lc; /* match length or unmatched char (if dist == 0) */
- unsigned lx = 0; /* running index in l_buf */
+ unsigned sx = 0; /* running index in sym_buf */
unsigned code; /* the code to send */
int extra; /* number of extra bits to send */
- if (s->last_lit != 0) do {
- dist = s->d_buf[lx];
- lc = s->l_buf[lx++];
+ if (s->sym_next != 0) do {
+ dist = s->sym_buf[sx++] & 0xff;
+ dist += (unsigned)(s->sym_buf[sx++] & 0xff) << 8;
+ lc = s->sym_buf[sx++];
if (dist == 0) {
send_code(s, lc, ltree); /* send a literal byte */
Tracecv(isgraph(lc), (stderr," '%c' ", lc));
@@ -1112,11 +1091,10 @@ local void compress_block(s, ltree, dtree)
}
} /* literal or match pair ? */
- /* Check that the overlay between pending_buf and d_buf+l_buf is ok: */
- Assert((uInt)(s->pending) < s->lit_bufsize + 2*lx,
- "pendingBuf overflow");
+ /* Check that the overlay between pending_buf and sym_buf is ok: */
+ Assert(s->pending < s->lit_bufsize + sx, "pendingBuf overflow");
- } while (lx < s->last_lit);
+ } while (sx < s->sym_next);
send_code(s, END_BLOCK, ltree);
s->last_eob_len = ltree[END_BLOCK].Len;