openGauss-third_party/dependency/lz4/lz4-CVE-2021-3520.patch
2022-03-16 19:15:41 +08:00


commit 9b97c3a72a0ef1b66e0326d180fa0b29fc9c2094
Author: l30004689 <liuqirun@huawei.com>
Date: Fri Jun 11 03:01:43 2021 -0400
[Backport]Fix potential memory corruption with negative memmove() size
Offering: GaussDB Kernel
CVE: CVE-2021-3520
Reference: https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7
Signed-off-by: liuqirun liuqirun@huawei.com
diff --git a/lib/lz4.c b/lib/lz4.c
index 9808d70..805388d 100644
--- a/lib/lz4.c
+++ b/lib/lz4.c
@@ -1665,7 +1665,7 @@ LZ4_decompress_generic(
const size_t dictSize /* note : = 0 if noDict */
)
{
- if (src == NULL) { return -1; }
+ if ((src == NULL) || (outputSize < 0)) { return -1; }
{ const BYTE* ip = (const BYTE*) src;
const BYTE* const iend = ip + srcSize;
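Review bot: The added `outputSize < 0` test on the guard line has no comment saying why a negative size must be rejected, and the condition alone does not show it. I would put `/* outputSize is signed: a negative value would later be used as a memmove() length (CVE-2021-3520) */` directly above the guard, so the check is not dropped in a later merge or cleanup. The guard also leaves `srcSize` unchecked, and that value feeds `ip + srcSize` two lines below. Its declaration is outside the hunk, but if it is a signed int too, a negative value would place `iend` before `ip`, so confirm that callers reject that case or extend the condition with `(srcSize < 0)`. The body of LZ4_decompress_generic continues past the hunk, so the later uses of both sizes cannot be checked from here.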