mirror of
				https://git.proxmox.com/git/mirror_zfs
				synced 2025-10-26 08:54:43 +00:00 
			
		
		
		
	lz4: Cherrypick fix for CVE-2021-3520
There should be no risk of us accidentally hitting this since we'd need maliciously malformed data to wind up in the pipeline, or a very unfortunate random bit flip at exactly the right moment. Still since we can handle it we should. Reviewed-by: Igor Kozhukhov <igor@dilos.org> Reviewed-by: George Melikov <mail@gmelikov.ru> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Adam Moss <c@yotes.com> Signed-off-by: Rich Ercolani <rincebrain@gmail.com> Closes #12947
This commit is contained in:
		
							parent
							
								
									d6c1bbdd65
								
							
						
					
					
						commit
						63f4bfd6ac
					
				| @ -541,7 +541,7 @@ LZ4_decompress_generic( | ||||
|                  const size_t dictSize         /* note : = 0 if noDict */ | ||||
|                  ) | ||||
| { | ||||
|     if (src == NULL) { return -1; } | ||||
|     if ((src == NULL) || (outputSize < 0)) { return -1; } | ||||
| 
 | ||||
|     {   const BYTE* ip = (const BYTE*) src; | ||||
|         const BYTE* const iend = ip + srcSize; | ||||
|  | ||||
		Loading…
	
		Reference in New Issue
	
	Block a user
	 Rich Ercolani
						Rich Ercolani