Public bug reported:

Affected packages:
https://packages.ubuntu.com/xenial/liblz4-1
https://packages.ubuntu.com/bionic/liblz4-1
https://packages.ubuntu.com/cosmic/liblz4-1
https://packages.ubuntu.com/disco/liblz4-1

Non-Affected packages:
https://packages.ubuntu.com/eoan/liblz4-1

Description:
I got SIGSEGV with lz4 when trying to read a corrupted stream.
No null ptr check of source in LZ4_decompress_generic

Description of problem:
No null ptr check of source in LZ4_decompress_generic

(gdb) bt
#0 0x00007ffff74ede70 in LZ4_decompress_generic (source=0x0, dest=0x631000028800 "press.foo.bar.6057 1 349830001\ncompress.foo.bar.6058 1 349830001\ncompress.foo.bar.6059 1 349830001\ncompress.foo.bar.6060 1 349830001\ncompress.foo.bar.6061 1 349830001\ncompress.foo.bar.6062 1 349830001"..., inputSize=1253, outputSize=65536, endOnInput=1, partialDecoding=0, targetOutputSize=0, dict=0, lowPrefix=0x631000028800 "press.foo.bar.6057 1 349830001\ncompress.foo.bar.6058 1 349830001\ncompress.foo.bar.6059 1 349830001\ncompress.foo.bar.6060 1 349830001\ncompress.foo.bar.6061 1 349830001\ncompress.foo.bar.6062 1 349830001"..., dictStart=0x0, dictSize=0) at lz4.c:1157
#1 LZ4_decompress_safe (source=0x0, dest=0x631000028800 "press.foo.bar.6057 1 349830001\ncompress.foo.bar.6058 1 349830001\ncompress.foo.bar.6059 1 349830001\ncompress.foo.bar.6060 1 349830001\ncompress.foo.bar.6061 1 349830001\ncompress.foo.bar.6062 1 349830001"..., compressedSize=1253, maxDecompressedSize=65536) at lz4.c:1290
#2 0x00007ffff7560631 in LZ4F_decompress_safe (source=0x0, dest=0x631000028800 "press.foo.bar.6057 1 349830001\ncompress.foo.bar.6058 1 349830001\ncompress.foo.bar.6059 1 349830001\ncompress.foo.bar.6060 1 349830001\ncompress.foo.bar.6061 1 349830001\ncompress.foo.bar.6062 1 349830001"..., compressedSize=1253, maxDecompressedSize=65536, dictStart=0x631000028800 "press.foo.bar.6057 1 349830001\ncompress.foo.bar.6058 1 349830001\ncompress.foo.bar.6059 1 349830001\ncompress.foo.bar.6060 1 349830001\ncompress.foo.bar.6061 1 349830001\ncompress.foo.bar.6062 1 349830001"..., dictSize=0) at lz4frame.c:957
#3 0x00007ffff755595b in LZ4F_decompress (decompressionContext=0x61100000ff40, dstBuffer=0x7fffe8bdd82c, dstSizePtr=0x7ffff0cf96e0, srcBuffer=0x62d000014400, srcSizePtr=0x7ffff0cf96c0, decompressOptionsPtr=0x7ffff0cf8120) at lz4frame.c:1294

Version-Release number of selected component (if applicable):
In lz4 from HEAD the bug was fixed:
https://github.com/lz4/lz4/blob/master/lib/lz4.c#L1668

** Affects: lz4 (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1851499

Title:
  lz4 SIGSEGV in LZ4_decompress_generic
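
The report names a missing NULL check on `source` at the decompressor's entry. The following is an added example, not code from liblz4, from the linked upstream fix, or from the reporter: a simplified LZ4 block decoder that validates its arguments before the first read through `src` and bounds-checks every copy. The function names are hypothetical, and liblz4's dictionary support and end-of-block restrictions are omitted.

```c
#include <stddef.h>
#include <string.h>

/* Reads LZ4 length-extension bytes (255, 255, ..., <255). 0 = truncated input. */
static int read_ext(const unsigned char **ip, const unsigned char *iend, size_t *len)
{
    unsigned b;
    do {
        if (*ip >= iend) return 0;
        b = *(*ip)++;
        *len += b;
    } while (b == 255);
    return 1;
}

/* Hypothetical function, not liblz4 API. Returns decoded size, or -1 on
   invalid arguments or malformed input. */
int checked_lz4_block_decode(const unsigned char *src, int srcSize,
                             unsigned char *dst, int dstCap)
{
    /* Validate arguments before the first read through src. */
    if (src == NULL || srcSize <= 0 || dst == NULL || dstCap < 0) return -1;

    const unsigned char *ip = src, *iend = src + srcSize;
    unsigned char *op = dst, *oend = dst + dstCap;

    for (;;) {
        if (ip >= iend) return -1;              /* block must end with literals */
        unsigned token = *ip++;

        size_t len = token >> 4;                /* literal run length */
        if (len == 15 && !read_ext(&ip, iend, &len)) return -1;
        if (len > (size_t)(iend - ip) || len > (size_t)(oend - op)) return -1;
        memcpy(op, ip, len);
        ip += len; op += len;
        if (ip == iend) return (int)(op - dst); /* last sequence: literals only */

        if (iend - ip < 2) return -1;           /* 2-byte little-endian offset */
        size_t offset = (size_t)ip[0] | ((size_t)ip[1] << 8);
        ip += 2;
        if (offset == 0 || offset > (size_t)(op - dst)) return -1;

        len = token & 15;                       /* match length, minimum 4 */
        if (len == 15 && !read_ext(&ip, iend, &len)) return -1;
        len += 4;
        if (len > (size_t)(oend - op)) return -1;
        for (const unsigned char *m = op - offset; len > 0; len--) *op++ = *m++;
    }
}
```

Called with the argument values from frame #1 of the backtrace (`source=0x0`, `compressedSize=1253`, `maxDecompressedSize=65536`), this decoder returns -1 instead of dereferencing the pointer.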