Code Review / kvmfornfv.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
These changes are the raw update to linux-4.4.6-rt14. Kernel sources
[kvmfornfv.git] / kernel / lib / lz4 / lz4_decompress.c
diff --git a/kernel/lib/lz4/lz4_decompress.c b/kernel/lib/lz4/lz4_decompress.c
index 26cc602..6d940c7 100644 (file)
--- a/kernel/lib/lz4/lz4_decompress.c
+++ b/kernel/lib/lz4/lz4_decompress.c
@@ -140,8 +140,12 @@ static int lz4_uncompress(const char *source, char *dest, int osize)
                        /* Error: request to write beyond destination buffer */
                        if (cpy > oend)
                                goto _output_error;
+#if LZ4_ARCH64
+                       if ((ref + COPYLENGTH) > oend)
+#else
                        if ((ref + COPYLENGTH) > oend ||
                                        (op + COPYLENGTH) > oend)
+#endif
                                goto _output_error;
                        LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH));
                        while (op < cpy)
@@ -266,7 +270,13 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest,
                if (cpy > oend - COPYLENGTH) {
                        if (cpy > oend)
                                goto _output_error; /* write outside of buf */
-
+#if LZ4_ARCH64
+                       if ((ref + COPYLENGTH) > oend)
+#else
+                       if ((ref + COPYLENGTH) > oend ||
+                                       (op + COPYLENGTH) > oend)
+#endif
+                               goto _output_error;
                        LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH));
                        while (op < cpy)
                                *op++ = *ref++;