diff --git a/backport-CVE-2021-3520.patch b/backport-CVE-2021-3520.patch new file mode 100644 index 0000000000000000000000000000000000000000..053958dfe872769a3fd906ae1f764e97a2125cce --- /dev/null +++ b/backport-CVE-2021-3520.patch @@ -0,0 +1,22 @@ +From 8301a21773ef61656225e264f4f06ae14462bca7 Mon Sep 17 00:00:00 2001 +From: Jasper Lievisse Adriaanse +Date: Fri, 26 Feb 2021 15:21:20 +0100 +Subject: [PATCH] Fix potential memory corruption with negative memmove() size + +--- + lib/lz4.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/lz4.c b/lib/lz4.c +index 5f524d01d..c2f504ef3 100644 +--- a/lib/lz4.c ++++ b/lib/lz4.c +@@ -1749,7 +1749,7 @@ LZ4_decompress_generic( + const size_t dictSize /* note : = 0 if noDict */ + ) + { +- if (src == NULL) { return -1; } ++ if ((src == NULL) || (outputSize < 0)) { return -1; } + + { const BYTE* ip = (const BYTE*) src; + const BYTE* const iend = ip + srcSize; diff --git a/lz4.spec b/lz4.spec index 0252415a74c1b997112d2ff1ba570126d784cb00..88defa49181b28e45c6a4950a83a870bf97d2533 100644 --- a/lz4.spec +++ b/lz4.spec @@ -1,12 +1,13 @@ Name: lz4 Version: 1.9.2 -Release: 2 +Release: 3 Summary: Extremely fast compression algorithm License: GPLv2+ and BSD URL: https://lz4.github.io/lz4/ Source0: https://github.com/lz4/lz4/archive/v%{version}/%{name}-%{version}.tar.gz -Patch6000: Fix-Data-Corruption-Bug-when-Streaming-with-an-Attac.patch +Patch6000: Fix-Data-Corruption-Bug-when-Streaming-with-an-Attac.patch +Patch6001: backport-CVE-2021-3520.patch Provides: %{name}-libs = %{version}-%{release} Obsoletes: %{name} < 1.7.5-3 @@ -68,6 +69,9 @@ export MOREFLAGS="-g" %{_mandir}/man1/unlz4.1* %changelog +* Sat Jun 19 2021 shixuantong - 1.9.2-3 +- fix CVE-2021-3520 + * Mon Dec 23 2019 openEuler Buildteam - 1.9.2-2 - fix abort in oss-fuzz round_trip_stream_fuzzer.c