mirror of
https://git.proxmox.com/git/mirror_zfs.git
synced 2024-12-24 18:39:34 +03:00
lz4: Cherrypick fix for CVE-2021-3520
There should be no risk of us accidentally hitting this since we'd need maliciously malformed data to wind up in the pipeline, or a very unfortunate random bit flip at exactly the right moment. Still since we can handle it we should. Reviewed-by: Igor Kozhukhov <igor@dilos.org> Reviewed-by: George Melikov <mail@gmelikov.ru> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Adam Moss <c@yotes.com> Signed-off-by: Rich Ercolani <rincebrain@gmail.com> Closes #12947
This commit is contained in:
parent
d6c1bbdd65
commit
63f4bfd6ac
@ -541,7 +541,7 @@ LZ4_decompress_generic(
|
||||
const size_t dictSize /* note : = 0 if noDict */
|
||||
)
|
||||
{
|
||||
if (src == NULL) { return -1; }
|
||||
if ((src == NULL) || (outputSize < 0)) { return -1; }
|
||||
|
||||
{ const BYTE* ip = (const BYTE*) src;
|
||||
const BYTE* const iend = ip + srcSize;
|
||||
|
Loading…
Reference in New Issue
Block a user