Compress bugfix for 3.16-rc3

Here is another lz4 bugfix for 3.16-rc3 that resolves a reported issue
 with that compression algorithm.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iEYEABECAAYFAlOuGXoACgkQMUfUDdst+ym2ggCgyo0pzGL72nt2lT4QjriPhLAq
 3nwAnjB4x3sezmwoqlkqfhKGuRon2lMw
 =Tcxf
 -----END PGP SIGNATURE-----

Merge tag 'compress-3.16-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core

Pull compress bugfix from Greg KH:
 "Here is another lz4 bugfix for 3.16-rc3 that resolves a reported issue
  with that compression algorithm"

* tag 'compress-3.16-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
  lz4: fix another possible overrun
This commit is contained in:
Linus Torvalds 2014-06-27 18:33:49 -07:00
commit 8dd68eb3ca
1 changed files with 3 additions and 1 deletions

View File

@ -108,6 +108,8 @@ static int lz4_uncompress(const char *source, char *dest, int osize)
if (length == ML_MASK) { if (length == ML_MASK) {
for (; *ip == 255; length += 255) for (; *ip == 255; length += 255)
ip++; ip++;
if (unlikely(length > (size_t)(length + *ip)))
goto _output_error;
length += *ip++; length += *ip++;
} }
@ -157,7 +159,7 @@ static int lz4_uncompress(const char *source, char *dest, int osize)
/* write overflow error detected */ /* write overflow error detected */
_output_error: _output_error:
return (int) (-(((char *)ip) - source)); return -1;
} }
static int lz4_uncompress_unknownoutputsize(const char *source, char *dest, static int lz4_uncompress_unknownoutputsize(const char *source, char *dest,