Blame SOURCES/lz4-cve-2021-3520.patch

35a24c
From 97f58e5fe5ff44fc9f7c86f6f67a11223379e640 Mon Sep 17 00:00:00 2001
35a24c
From: Jakub Martisko <jamartis@redhat.com>
35a24c
Date: Fri, 7 May 2021 13:08:24 +0200
35a24c
Subject: [PATCH] Fix: cve-2021-3520
35a24c
35a24c
---
35a24c
 lib/lz4.c | 1 +
35a24c
 1 file changed, 1 insertion(+)
35a24c
35a24c
diff --git a/lib/lz4.c b/lib/lz4.c
35a24c
index 4046102..c18c1f6 100644
35a24c
--- a/lib/lz4.c
35a24c
+++ b/lib/lz4.c
35a24c
@@ -1437,6 +1437,7 @@ LZ4_decompress_generic(
35a24c
     /* Special cases */
35a24c
     assert(lowPrefix <= op);
35a24c
     assert(src != NULL);
35a24c
+    if (outputSize < 0) {return -1;};
35a24c
     if ((endOnInput) && (unlikely(outputSize==0))) return ((srcSize==1) && (*ip==0)) ? 0 : -1;  /* Empty output buffer */
35a24c
     if ((!endOnInput) && (unlikely(outputSize==0))) return (*ip==0 ? 1 : -1);
35a24c
     if ((endOnInput) && unlikely(srcSize==0)) return -1;
35a24c
-- 
35a24c
2.30.1
35a24c