From ce01054ec3f8f8d03fba434de94ab00118c16593 Mon Sep 17 00:00:00 2001
From: Toomas Soome <tsoome@me.com>
Date: Fri, 12 Feb 2016 16:31:23 +0100
Subject: [PATCH] lz4: Fix pointer overflow

---
 grub-core/fs/zfs/zfs_lz4.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/grub-core/fs/zfs/zfs_lz4.c b/grub-core/fs/zfs/zfs_lz4.c
index 1212a8986..2f73449f0 100644
--- a/grub-core/fs/zfs/zfs_lz4.c
+++ b/grub-core/fs/zfs/zfs_lz4.c
@@ -184,6 +184,8 @@ LZ4_uncompress_unknownOutputSize(const char *source,
 			}
 		}
 		/* copy literals */
+		if ((grub_addr_t) length > ~(grub_addr_t)op)
+		  goto _output_error;
 		cpy = op + length;
 		if ((cpy > oend - COPYLENGTH) ||
 		    (ip + length > iend - COPYLENGTH)) {