Tree - rpms/lz4 - CentOS Git server

rpms / lz4

Files

Commit: 35a24c3018025f1a367f43f31bbeab95b7764be0

Blob Blame History Raw

From 97f58e5fe5ff44fc9f7c86f6f67a11223379e640 Mon Sep 17 00:00:00 2001
From: Jakub Martisko <jamartis@redhat.com>
Date: Fri, 7 May 2021 13:08:24 +0200
Subject: [PATCH] Fix: cve-2021-3520

---
 lib/lz4.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/lz4.c b/lib/lz4.c
index 4046102..c18c1f6 100644
--- a/lib/lz4.c
+++ b/lib/lz4.c
@@ -1437,6 +1437,7 @@ LZ4_decompress_generic(
     /* Special cases */
     assert(lowPrefix <= op);
     assert(src != NULL);
+    if (outputSize < 0) {return -1;};
     if ((endOnInput) && (unlikely(outputSize==0))) return ((srcSize==1) && (*ip==0)) ? 0 : -1;  /* Empty output buffer */
     if ((!endOnInput) && (unlikely(outputSize==0))) return (*ip==0 ? 1 : -1);
     if ((endOnInput) && unlikely(srcSize==0)) return -1;
-- 
2.30.1

rpms / lz4

Source Code

Files