diff options
author | Michał Górny <mgorny@gentoo.org> | 2021-06-08 13:34:45 +0200 |
---|---|---|
committer | Michał Górny <mgorny@gentoo.org> | 2021-06-08 13:42:14 +0200 |
commit | f063d9e1dcac596d0a15fab50c8d89c4d8a9d0e3 (patch) | |
tree | ece56fad899292f619324cb789b0336a3deba1c7 /app-arch/lz4 | |
parent | dev-python/pytest-django: Bump to 4.4.0 (diff) | |
download | gentoo-f063d9e1dcac596d0a15fab50c8d89c4d8a9d0e3.tar.gz gentoo-f063d9e1dcac596d0a15fab50c8d89c4d8a9d0e3.tar.bz2 gentoo-f063d9e1dcac596d0a15fab50c8d89c4d8a9d0e3.zip |
app-arch/lz4: Backport memory corruption fix (CVE-2021-3520)
Bug: https://bugs.gentoo.org/791952
Signed-off-by: Michał Górny <mgorny@gentoo.org>
Diffstat (limited to 'app-arch/lz4')
-rw-r--r-- | app-arch/lz4/files/lz4-1.9.3-negative-memmove.patch | 22 | ||||
-rw-r--r-- | app-arch/lz4/lz4-1.9.3-r1.ebuild (renamed from app-arch/lz4/lz4-1.9.3.ebuild) | 4 |
2 files changed, 26 insertions, 0 deletions
diff --git a/app-arch/lz4/files/lz4-1.9.3-negative-memmove.patch b/app-arch/lz4/files/lz4-1.9.3-negative-memmove.patch new file mode 100644 index 000000000000..053958dfe872 --- /dev/null +++ b/app-arch/lz4/files/lz4-1.9.3-negative-memmove.patch @@ -0,0 +1,22 @@ +From 8301a21773ef61656225e264f4f06ae14462bca7 Mon Sep 17 00:00:00 2001 +From: Jasper Lievisse Adriaanse <j@jasper.la> +Date: Fri, 26 Feb 2021 15:21:20 +0100 +Subject: [PATCH] Fix potential memory corruption with negative memmove() size + +--- + lib/lz4.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/lz4.c b/lib/lz4.c +index 5f524d01d..c2f504ef3 100644 +--- a/lib/lz4.c ++++ b/lib/lz4.c +@@ -1749,7 +1749,7 @@ LZ4_decompress_generic( + const size_t dictSize /* note : = 0 if noDict */ + ) + { +- if (src == NULL) { return -1; } ++ if ((src == NULL) || (outputSize < 0)) { return -1; } + + { const BYTE* ip = (const BYTE*) src; + const BYTE* const iend = ip + srcSize; diff --git a/app-arch/lz4/lz4-1.9.3.ebuild b/app-arch/lz4/lz4-1.9.3-r1.ebuild index 02eac78fb6dd..2282b90c9bcc 100644 --- a/app-arch/lz4/lz4-1.9.3.ebuild +++ b/app-arch/lz4/lz4-1.9.3-r1.ebuild @@ -18,6 +18,10 @@ IUSE="static-libs" CMAKE_USE_DIR=${S}/build/cmake +PATCHES=( + "${FILESDIR}"/${P}-negative-memmove.patch +) + multilib_src_configure() { local mycmakeargs=( -DBUILD_STATIC_LIBS=$(usex static-libs) |