lz4/SOURCES/lz4-cve-2021-3520.patch

From 97f58e5fe5ff44fc9f7c86f6f67a11223379e640 Mon Sep 17 00:00:00 2001
From: Jakub Martisko <jamartis@redhat.com>
Date: Fri, 7 May 2021 13:08:24 +0200
Subject: [PATCH] Fix: cve-2021-3520

---
 lib/lz4.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/lz4.c b/lib/lz4.c
index 4046102..c18c1f6 100644
--- a/lib/lz4.c
+++ b/lib/lz4.c
@@ -1437,6 +1437,7 @@ LZ4_decompress_generic(
     /* Special cases */
     assert(lowPrefix <= op);
     assert(src != NULL);
+    if (outputSize < 0) {return -1;};
     if ((endOnInput) && (unlikely(outputSize==0))) return ((srcSize==1) && (*ip==0)) ? 0 : -1;  /* Empty output buffer */
     if ((!endOnInput) && (unlikely(outputSize==0))) return (*ip==0 ? 1 : -1);
     if ((endOnInput) && unlikely(srcSize==0)) return -1;
-- 
2.30.1
import lz4-1.8.3-3.el8_4 4 years ago			`From 97f58e5fe5ff44fc9f7c86f6f67a11223379e640 Mon Sep 17 00:00:00 2001`
			`From: Jakub Martisko <jamartis@redhat.com>`
			`Date: Fri, 7 May 2021 13:08:24 +0200`
			`Subject: [PATCH] Fix: cve-2021-3520`

			`---`
			`lib/lz4.c \| 1 +`
			`1 file changed, 1 insertion(+)`

			`diff --git a/lib/lz4.c b/lib/lz4.c`
			`index 4046102..c18c1f6 100644`
			`--- a/lib/lz4.c`
			`+++ b/lib/lz4.c`
			`@@ -1437,6 +1437,7 @@ LZ4_decompress_generic(`
			`/* Special cases */`
			`assert(lowPrefix <= op);`
			`assert(src != NULL);`
			`+ if (outputSize < 0) {return -1;};`
			`if ((endOnInput) && (unlikely(outputSize==0))) return ((srcSize==1) && (ip==0)) ? 0 : -1; / Empty output buffer */`
			`if ((!endOnInput) && (unlikely(outputSize==0))) return (*ip==0 ? 1 : -1);`
			`if ((endOnInput) && unlikely(srcSize==0)) return -1;`
			`--`
			`2.30.1`