1 files changed, 39 insertions, 0 deletions

diff --git a/0002-bunzip2-fix-rare-decompression-failure.patch b/0002-bunzip2-fix-rare-decompression-failure.patch
new file mode 100644
index 0000000..79e8339
--- /dev/null
+++ b/0002-bunzip2-fix-rare-decompression-failure.patch
@@ -0,0 +1,39 @@
+From e54077cbca7149c8fa856535b69a4c70dfd48cd2 Mon Sep 17 00:00:00 2001
+From: Ross Lagerwall <ross.lagerwall@citrix.com>
+Date: Thu, 8 Aug 2024 13:44:26 +0200
+Subject: [PATCH 02/35] bunzip2: fix rare decompression failure
+
+The decompression code parses a huffman tree and counts the number of
+symbols for a given bit length.  In rare cases, there may be >= 256
+symbols with a given bit length, causing the unsigned char to overflow.
+This causes a decompression failure later when the code tries and fails to
+find the bit length for a given symbol.
+
+Since the maximum number of symbols is 258, use unsigned short instead.
+
+Fixes: ab77e81f6521 ("x86/dom0: support bzip2 and lzma compressed bzImage payloads")
+Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
+Acked-by: Jan Beulich <jbeulich@suse.com>
+master commit: 303d3ff85c90ee4af4bad4e3b1d4932fa2634d64
+master date: 2024-07-30 11:55:56 +0200
+---
+ xen/common/bunzip2.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/xen/common/bunzip2.c b/xen/common/bunzip2.c
+index 4466426941..79f17162b1 100644
+--- a/xen/common/bunzip2.c
++++ b/xen/common/bunzip2.c
+@@ -221,7 +221,8 @@ static int __init get_next_block(struct bunzip_data *bd)
+ 	   RUNB) */
+ 	symCount = symTotal+2;
+ 	for (j = 0; j < groupCount; j++) {
+-		unsigned char length[MAX_SYMBOLS], temp[MAX_HUFCODE_BITS+1];
++		unsigned char length[MAX_SYMBOLS];
++		unsigned short temp[MAX_HUFCODE_BITS+1];
+ 		int	minLen,	maxLen, pp;
+ 		/* Read Huffman code lengths for each symbol.  They're
+ 		   stored in a way similar to mtf; record a starting
+-- 
+2.46.1
+