From: Toomas Soome <tsoome@me.com>
Date: Fri, 12 Feb 2016 15:31:23 +0000 (+0100)
Subject: lz4: Fix pointer overflow
X-Git-Tag: 2.02-beta3~37
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ce01054ec3f8f8d03fba434de94ab00118c16593;p=thirdparty%2Fgrub.git

lz4: Fix pointer overflow
---

diff --git a/grub-core/fs/zfs/zfs_lz4.c b/grub-core/fs/zfs/zfs_lz4.c
index 1212a8986..2f73449f0 100644
--- a/grub-core/fs/zfs/zfs_lz4.c
+++ b/grub-core/fs/zfs/zfs_lz4.c
@@ -184,6 +184,8 @@ LZ4_uncompress_unknownOutputSize(const char *source,
 			}
 		}
 		/* copy literals */
+		if ((grub_addr_t) length > ~(grub_addr_t)op)
+		  goto _output_error;
 		cpy = op + length;
 		if ((cpy > oend - COPYLENGTH) ||
 		    (ip + length > iend - COPYLENGTH)) {