From 93137e9042bd72b5158eae6175a0c4f2f67bd176 Mon Sep 17 00:00:00 2001 From: Thomas Renninger Date: Wed, 29 Oct 2025 10:51:52 +0100 Subject: [PATCH] Fix CVE-2025-62813 This is a backport of lz4 mainline commit: f64efec011c058bd70348576438abac222fe6c82 Which security people identified as a security vulnerability: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-62813 https://www.cve.org/CVERecord?id=CVE-2025-62813 https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82 --- util/cbfstool/lz4/lib/lz4frame.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/util/cbfstool/lz4/lib/lz4frame.c b/util/cbfstool/lz4/lib/lz4frame.c index aef508d8df..15673d4ca6 100644 --- a/util/cbfstool/lz4/lib/lz4frame.c +++ b/util/cbfstool/lz4/lib/lz4frame.c @@ -64,6 +64,7 @@ You can contact the author at : #include "lz4hc.h" #include "xxhash.h" +#include /************************************** * Basic Types @@ -930,6 +931,10 @@ LZ4F_errorCode_t LZ4F_getFrameInfo(LZ4F_decompressionContext_t dCtx, LZ4F_frameI { LZ4F_dctx_t* dctxPtr = (LZ4F_dctx_t*)dCtx; + assert(dCtx != NULL); + if (frameInfoPtr == NULL || srcSizePtr == NULL) + return (size_t)-LZ4F_ERROR_srcPtr_wrong; + if (dctxPtr->dStage > dstage_storeHeader) /* note : requires dstage_* header related to be at beginning of enum */ { size_t o=0, i=0;
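Review bot: The `assert(dCtx != NULL);` added at the top of `LZ4F_getFrameInfo` is the only guard on the context pointer, and `assert` is compiled out when `NDEBUG` is defined, so in such a build a NULL `dCtx` would still reach the `dctxPtr->dStage` dereference that follows. The runtime check after it covers only `frameInfoPtr` and `srcSizePtr`; folding the context into it, `if (dCtx == NULL || frameInfoPtr == NULL || srcSizePtr == NULL)`, would make all three pointers fail closed regardless of build flags. Whether cbfstool is built with `NDEBUG` is not visible here, so this may be latent rather than reachable. The function's signature is truncated in the hunk header and its body continues past the end of the hunk.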