--- a/src/common/pg_lzcompress.c	2023-10-18 12:34:30.616000000 +0000
+++ b/src/common/pg_lzcompress.c	2023-10-18 12:48:09.968000000 +0000
@@ -761,7 +761,12 @@
 					/*
 					 * We can safely copy "off" bytes since that clearly
 					 * results in non-overlapping source and destination.
+					 * Check for corrupt data: if we fall before the beginning of the
+					 * destination, we have problems.
 					 */
+					if (dp - off < dest) {
+						return -1;
+					}
 					memcpy(dp, dp - off, off);
 					len -= off;
 					dp += off;
@@ -792,6 +797,13 @@
 					 */
 					off += off;
 				}
+				/*
+				 * Check for corrupt data: if we fall before the beginning of the
+				 * destination, we have problems.
+				 */
+				if (dp - off < dest) {
+					return -1;
+				}
 				memcpy(dp, dp - off, len);
 				dp += len;
 			}