projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1b7fe9a) | patch
lz4: check for underruns
authorJan Beulich <jbeulich@suse.com>
Mon, 4 Aug 2014 11:43:03 +0000 (13:43 +0200)
committerJan Beulich <jbeulich@suse.com>
Mon, 4 Aug 2014 11:43:03 +0000 (13:43 +0200)
commit9143a6c55ef7e8f630857cb08c03844d372c2345
tree7670aaf504b8bb5515b97860bbdfd2a763eca363tree | snapshot
parent1b7fe9a1a1757d6634f4319e91a466d2bc8e7ab2commit | diff
lz4: check for underruns

While overruns are already being taken care of, underruns (resulting
from overflows in the respective "op + length" (or similar) operations
weren't.

This is CVE-2014-4611.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
xen/common/lz4/decompress.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.