From bc9f4a254461436ef02d175fc2c6a5f04555de1a Mon Sep 17 00:00:00 2001 From: zeshuai007 Date: Thu, 17 Oct 2024 15:49:12 +0800 Subject: [PATCH] Fix CVE-2021-3520 affected components Lz4 1.9.3 in p7zip17 --- C/lz4/lz4.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/C/lz4/lz4.c b/C/lz4/lz4.c index 9f5e9bfa..eac0541b 100644 --- a/C/lz4/lz4.c +++ b/C/lz4/lz4.c @@ -1749,7 +1749,7 @@ LZ4_decompress_generic( const size_t dictSize /* note : = 0 if noDict */ ) { - if (src == NULL) { return -1; } + if ((src == NULL) || (outputSize < 0)) { return -1; } { const BYTE* ip = (const BYTE*) src; const BYTE* const iend = ip + srcSize;