--- linux-master/lib/lzo/lzo1x_decompress_safe.c.orig	2014-07-01 14:10:48.000000000 -0700
+++ linux-master/lib/lzo/lzo1x_decompress_safe.c	2014-07-02 09:35:52.000000000 -0700
@@ -21,11 +21,11 @@
 
 #define HAVE_IP(t, x)					\
 	(((size_t)(ip_end - ip) >= (size_t)(t + x)) &&	\
-	 (((t + x) >= t) && ((t + x) >= x)))
+	 (((SIZE_MAX - x) >= t)))
 
 #define HAVE_OP(t, x)					\
 	(((size_t)(op_end - op) >= (size_t)(t + x)) &&	\
-	 (((t + x) >= t) && ((t + x) >= x)))
+	 (((SIZE_MAX - x) >= t)))
 
 #define NEED_IP(t, x)					\
 	do {						\
@@ -45,6 +45,13 @@
 			goto lookbehind_overrun;	\
 	} while (0)
 
+#define TEST_T(t)					\
+	do {						\
+		if ((t) > (SIZE_MAX - 512))		\
+			goto output_overrun;		\
+	} while (0)
+
+
 int lzo1x_decompress_safe(const unsigned char *in, size_t in_len,
 			  unsigned char *out, size_t *out_len)
 {
@@ -80,6 +87,7 @@ int lzo1x_decompress_safe(const unsigned
 						ip++;
 						NEED_IP(1, 0);
 					}
+					TEST_T(t);
 					t += 15 + *ip++;
 				}
 				t += 3;
@@ -141,6 +149,7 @@ copy_literal_run:
 					ip++;
 					NEED_IP(1, 0);
 				}
+				TEST_T(t);
 				t += 31 + *ip++;
 				NEED_IP(2, 0);
 			}
@@ -159,6 +168,7 @@ copy_literal_run:
 					ip++;
 					NEED_IP(1, 0);
 				}
+				TEST_T(t);
 				t += 7 + *ip++;
 				NEED_IP(2, 0);
 			}