lz4: Cherrypick fix for CVE-2021-3520

There should be no risk of us accidentally hitting this since we'd need maliciously malformed data to wind up in the pipeline, or a very unfortunate random bit flip at exactly the right moment. Still since we can handle it we should. Reviewed-by: Igor Kozhukhov <[email protected]> Reviewed-by: George Melikov <[email protected]> Reviewed-by: Brian Behlendorf <[email protected]> Reviewed-by: Adam Moss <[email protected]> Signed-off-by: Rich Ercolani <[email protected]> Closes #12947
openzfs · Jan 13, 2022 · 63f4bfd · 63f4bfd
1 parent d6c1bbd
commit 63f4bfd
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/module/zfs/lz4.c b/module/zfs/lz4.c
@@ -541,7 +541,7 @@ LZ4_decompress_generic(
                  const size_t dictSize         /* note : = 0 if noDict */
                  )
 {
-    if (src == NULL) { return -1; }
+    if ((src == NULL) || (outputSize < 0)) { return -1; }
 
     {   const BYTE* ip = (const BYTE*) src;
         const BYTE* const iend = ip + srcSize;