From 63f4bfd6ac486fc585c1df8f063586d26487bec6 Mon Sep 17 00:00:00 2001 From: Rich Ercolani <214141+rincebrain@users.noreply.github.com> Date: Wed, 12 Jan 2022 19:14:36 -0500 Subject: [PATCH] lz4: Cherrypick fix for CVE-2021-3520 There should be no risk of us accidentally hitting this since we'd need maliciously malformed data to wind up in the pipeline, or a very unfortunate random bit flip at exactly the right moment. Still since we can handle it we should. Reviewed-by: Igor Kozhukhov Reviewed-by: George Melikov Reviewed-by: Brian Behlendorf Reviewed-by: Adam Moss Signed-off-by: Rich Ercolani Closes #12947 --- module/zfs/lz4.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/module/zfs/lz4.c b/module/zfs/lz4.c index 800635b344..75a31bf17e 100644 --- a/module/zfs/lz4.c +++ b/module/zfs/lz4.c @@ -541,7 +541,7 @@ LZ4_decompress_generic( const size_t dictSize /* note : = 0 if noDict */ ) { - if (src == NULL) { return -1; } + if ((src == NULL) || (outputSize < 0)) { return -1; } { const BYTE* ip = (const BYTE*) src; const BYTE* const iend = ip + srcSize;