all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
blob 100baa4758fe3e2c62c23571918c52df722e32b6 505 bytes (raw)
name: gnu/packages/patches/lz4-CVE-2021-3520.patch 	 # note: path name is non-authoritative(*)
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15

 
Not merged patch fixing CVE-2021-3520
https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7

Index: b/lib/lz4.c
--- a/lib/lz4.c.orig
+++ b/lib/lz4.c
@@ -1749,7 +1749,7 @@ LZ4_decompress_generic(
                  const size_t dictSize         /* note : = 0 if noDict */
                  )
 {
-    if (src == NULL) { return -1; }
+    if ((src == NULL) || (outputSize < 0)) { return -1; }
 
     {   const BYTE* ip = (const BYTE*) src;
         const BYTE* const iend = ip + srcSize;

debug log:

solving 100baa4758 ...
found 100baa4758 in https://yhetil.org/guix/20210525202407.383e1713@perso.pw/

applying [1/1] https://yhetil.org/guix/20210525202407.383e1713@perso.pw/
diff --git a/gnu/packages/patches/lz4-CVE-2021-3520.patch b/gnu/packages/patches/lz4-CVE-2021-3520.patch
new file mode 100644
index 0000000000..100baa4758

1:19: trailing whitespace.
 
Checking patch gnu/packages/patches/lz4-CVE-2021-3520.patch...
Applied patch gnu/packages/patches/lz4-CVE-2021-3520.patch cleanly.
warning: 1 line adds whitespace errors.

index at:
100644 100baa4758fe3e2c62c23571918c52df722e32b6	gnu/packages/patches/lz4-CVE-2021-3520.patch

(*) Git path names are given by the tree(s) the blob belongs to.
    Blobs themselves have no identifier aside from the hash of its contents.^
Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.