ecb55c43ce
Fixes a potential memory corruption with negative memmove() size. For details, see (NVD not yet updated): https://security-tracker.debian.org/tracker/CVE-2021-3520 Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
27 lines
801 B
Diff
27 lines
801 B
Diff
From 8301a21773ef61656225e264f4f06ae14462bca7 Mon Sep 17 00:00:00 2001
|
|
From: Jasper Lievisse Adriaanse <j@jasper.la>
|
|
Date: Fri, 26 Feb 2021 15:21:20 +0100
|
|
Subject: [PATCH] Fix potential memory corruption with negative memmove() size
|
|
|
|
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
|
---
|
|
lib/lz4.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/lib/lz4.c b/lib/lz4.c
|
|
index 5f524d0..c2f504e 100644
|
|
--- a/lib/lz4.c
|
|
+++ b/lib/lz4.c
|
|
@@ -1749,7 +1749,7 @@ LZ4_decompress_generic(
|
|
const size_t dictSize /* note : = 0 if noDict */
|
|
)
|
|
{
|
|
- if (src == NULL) { return -1; }
|
|
+ if ((src == NULL) || (outputSize < 0)) { return -1; }
|
|
|
|
{ const BYTE* ip = (const BYTE*) src;
|
|
const BYTE* const iend = ip + srcSize;
|
|
--
|
|
2.20.1
|
|
|