rpms / lz4

Clone
Source Code
GIT

Blame SOURCES/lz4-cve-2021-3520.patch

c7 c7-alt c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta
  1.   35a24c3018025f1a367f43f31bbeab95b7764be0
  2.   SOURCES
  3.   lz4-cve-2021-3520.patch
Blob History Raw
35a24c 
From 97f58e5fe5ff44fc9f7c86f6f67a11223379e640 Mon Sep 17 00:00:00 2001
35a24c 
From: Jakub Martisko <jamartis@redhat.com>
35a24c 
Date: Fri, 7 May 2021 13:08:24 +0200
35a24c 
Subject: [PATCH] Fix: cve-2021-3520
35a24c
35a24c 
---
35a24c 
 lib/lz4.c | 1 +
35a24c 
 1 file changed, 1 insertion(+)
35a24c
35a24c 
diff --git a/lib/lz4.c b/lib/lz4.c
35a24c 
index 4046102..c18c1f6 100644
35a24c 
--- a/lib/lz4.c
35a24c 
+++ b/lib/lz4.c
35a24c 
@@ -1437,6 +1437,7 @@ LZ4_decompress_generic(
35a24c 
     /* Special cases */
35a24c 
     assert(lowPrefix <= op);
35a24c 
     assert(src != NULL);
35a24c 
+    if (outputSize < 0) {return -1;};
35a24c 
     if ((endOnInput) && (unlikely(outputSize==0))) return ((srcSize==1) && (*ip==0)) ? 0 : -1;  /* Empty output buffer */
35a24c 
     if ((!endOnInput) && (unlikely(outputSize==0))) return (*ip==0 ? 1 : -1);
35a24c 
     if ((endOnInput) && unlikely(srcSize==0)) return -1;
35a24c 
--
35a24c 
2.30.1
35a24c

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation