On Wed, Feb 26, 2020 at 10:30:11AM +0800, Gao Xiang wrote: > As Lasse pointed out, "Looking at fs/erofs/decompress.c, > the return value from LZ4_decompress_safe_partial is only > checked for negative value to catch errors. ... So if > I understood it correctly, if there is bad data whose > uncompressed size is much less than it should be, it can > leave part of the output buffer untouched and expose the > previous data as the file content. " > > Let's fix it now. > > Cc: Lasse Collin <[email protected]> > Signed-off-by: Gao Xiang <[email protected]>
Shouldn't fixes like this have a Fixes tag and Cc stable? - Eric
