From d9c3d157c62e842897d4447db717f813810e1423 Mon Sep 17 00:00:00 2001
From: Zezeng Wang <51382517@qq.com>
Date: Thu, 17 Oct 2024 16:03:40 +0800
Subject: [PATCH] Fix CVE-2021-3520 affected components Lz4 1.9.3 in p7zip17
 (#239)

---
 C/lz4/lz4.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/C/lz4/lz4.c b/C/lz4/lz4.c
index 9f5e9bfa..eac0541b 100644
--- a/C/lz4/lz4.c
+++ b/C/lz4/lz4.c
@@ -1749,7 +1749,7 @@ LZ4_decompress_generic(
                  const size_t dictSize         /* note : = 0 if noDict */
                  )
 {
-    if (src == NULL) { return -1; }
+    if ((src == NULL) || (outputSize < 0)) { return -1; }
 
     {   const BYTE* ip = (const BYTE*) src;
         const BYTE* const iend = ip + srcSize;