[jan] Update lz4 source to r119 (CVE-2014-4715).

horde · Jul 3, 2014 · c335f66 · c335f66
1 parent 4acd1cc
commit c335f66
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 5 deletions.
diff --git a/framework/lz4/lz4.c b/framework/lz4/lz4.c
@@ -922,7 +922,9 @@ FORCE_INLINE int LZ4_decompress_generic(
                 length += s;
             }
             while (likely((endOnInput)?ip<iend-RUN_MASK:1) && (s==255));
-            if ((sizeof(void*)==4) && unlikely(length>LZ4_MAX_INPUT_SIZE)) goto _output_error;   /* overflow detection */
+            //if ((sizeof(void*)==4) && unlikely(length>LZ4_MAX_INPUT_SIZE)) goto _output_error;   /* overflow detection */
+            if ((sizeof(void*)==4) && unlikely((size_t)(op+length)<(size_t)(op))) goto _output_error;   /* quickfix issue 134 */
+            if ((endOnInput) && (sizeof(void*)==4) && unlikely((size_t)(ip+length)<(size_t)(ip))) goto _output_error;   /* quickfix issue 134 */
         }
 
         /* copy literals */
@@ -957,11 +959,12 @@ FORCE_INLINE int LZ4_decompress_generic(
             unsigned s;
             do
             {
-                if (endOnInput && (ip > iend-LASTLITERALS)) goto _output_error;
+                if ((endOnInput) && (ip > iend-LASTLITERALS)) goto _output_error;
                 s = *ip++;
                 length += s;
             } while (s==255);
-            if ((sizeof(void*)==4) && unlikely(length>LZ4_MAX_INPUT_SIZE)) goto _output_error;   /* overflow detection */
+            //if ((sizeof(void*)==4) && unlikely(length>LZ4_MAX_INPUT_SIZE)) goto _output_error;   /* overflow detection */
+            if ((sizeof(void*)==4) && unlikely((size_t)(op+length)<(size_t)op)) goto _output_error;   /* quickfix issue 134 */
         }
 
         /* check external dictionary */

diff --git a/framework/lz4/package.xml b/framework/lz4/package.xml
@@ -21,7 +21,7 @@
  </stability>
  <license uri="http://opensource.org/licenses/MIT">MIT (Expat)</license>
  <notes>
-* 
+* [jan] Update lz4 source to r119 (CVE-2014-4715).
  </notes>
  <contents>
   <dir name="/">
@@ -186,7 +186,7 @@
    <date>2014-07-03</date>
    <license uri="http://opensource.org/licenses/MIT">MIT (Expat)</license>
    <notes>
-* 
+* [jan] Update lz4 source to r119 (CVE-2014-4715).
    </notes>
   </release>
  </changelog>