lz4: fix another possible overrun
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 24 Jun 2014 20:59:01 +0000 (16:59 -0400)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 27 Jun 2014 18:21:07 +0000 (11:21 -0700)
commit4148c1f67abf823099b2d7db6851e4aea407f5ee
tree1c7a40284294cc86f508fb8fa3461d1bb1223d42
parent206204a1162b995e2185275167b22468c00d6b36
lz4: fix another possible overrun

There is one other possible overrun in the lz4 code as implemented by
Linux at this point in time (which differs from the upstream lz4
codebase, but will get synced at in a future kernel release.)  As
pointed out by Don, we also need to check the overflow in the data
itself.

While we are at it, replace the odd error return value with just a
"simple" -1 value as the return value is never used for anything other
than a basic "did this work or not" check.

Reported-by: "Don A. Bailey" <donb@securitymouse.com>
Reported-by: Willy Tarreau <w@1wt.eu>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
lib/lz4/lz4_decompress.c