[PATCH] Fix potential memory corruption with negative memmove() size
authorJasper Lievisse Adriaanse <j@jasper.la>
Fri, 26 Feb 2021 14:21:20 +0000 (15:21 +0100)
committerNobuhiro Iwamatsu <iwamatsu@debian.org>
Wed, 5 May 2021 07:29:57 +0000 (08:29 +0100)
Gbp-Pq: Name 0005-CVE-2021-3520.patch

lib/lz4.c

index 9f5e9bfa0839f8e1347d2abb3d867b21ff740215..eac0541b22a0053d111c05a345c43e93cd8a5e85 100644 (file)
--- a/lib/lz4.c
+++ b/lib/lz4.c
@@ -1749,7 +1749,7 @@ LZ4_decompress_generic(
                  const size_t dictSize         /* note : = 0 if noDict */
                  )
 {
-    if (src == NULL) { return -1; }
+    if ((src == NULL) || (outputSize < 0)) { return -1; }
 
     {   const BYTE* ip = (const BYTE*) src;
         const BYTE* const iend = ip + srcSize;
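Review bot: The new guard on the first line of the body checks only `outputSize`, while `srcSize` feeds `iend = ip + srcSize` two lines later with no sign check. The parameter declarations sit above the hunk, so the type of `srcSize` is not visible here; if it is signed, as the `< 0` test suggests `outputSize` is, a negative value would place `iend` before `ip` and weaken every input-bounds test that relies on it. Consider `if ((src == NULL) || (outputSize < 0) || (srcSize < 0)) { return -1; }`, after confirming that no caller passes a negative `srcSize` on purpose. A short comment above the guard, such as `/* a negative outputSize would later be converted to a huge size_t length */`, would record why the check exists. The body of LZ4_decompress_generic continues past the end of the hunk.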