rpms / lz4

Clone
Source Code
GIT

Blame SOURCES/lz4-cve-2021-3520.patch

c7 c7-alt c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta
  1.   5fc855b9dd5eda29fe155a2be1af759bb14f0eab
  2.   SOURCES
  3.   lz4-cve-2021-3520.patch
Blob History Raw
5fc855 
From 97f58e5fe5ff44fc9f7c86f6f67a11223379e640 Mon Sep 17 00:00:00 2001
5fc855 
From: Jakub Martisko <jamartis@redhat.com>
5fc855 
Date: Fri, 7 May 2021 13:08:24 +0200
5fc855 
Subject: [PATCH] Fix: cve-2021-3520
5fc855
5fc855 
---
5fc855 
 lib/lz4.c | 1 +
5fc855 
 1 file changed, 1 insertion(+)
5fc855
5fc855 
diff --git a/lib/lz4.c b/lib/lz4.c
5fc855 
index 4046102..c18c1f6 100644
5fc855 
--- a/lib/lz4.c
5fc855 
+++ b/lib/lz4.c
5fc855 
@@ -1437,6 +1437,7 @@ LZ4_decompress_generic(
5fc855 
     /* Special cases */
5fc855 
     assert(lowPrefix <= op);
5fc855 
     assert(src != NULL);
5fc855 
+    if (outputSize < 0) {return -1;};
5fc855 
     if ((endOnInput) && (unlikely(outputSize==0))) return ((srcSize==1) && (*ip==0)) ? 0 : -1;  /* Empty output buffer */
5fc855 
     if ((!endOnInput) && (unlikely(outputSize==0))) return (*ip==0 ? 1 : -1);
5fc855 
     if ((endOnInput) && unlikely(srcSize==0)) return -1;
5fc855 
--
5fc855 
2.30.1
5fc855

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation