Opened 5 years ago
Closed 5 years ago
#13973 closed enhancement (fixed)
brotli-v-1.0.9
Reported by: | Bruce Dubbs | Owned by: | Bruce Dubbs |
---|---|---|---|
Priority: | high | Milestone: | 10.1 |
Component: | BOOK | Version: | SVN |
Severity: | normal | Keywords: | |
Cc: |
Description
New point version.
Change History (5)
comment:1 by , 5 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:2 by , 5 years ago
Summary: | brotli-v-1.0.8 → brotli-v-1.0.9 |
---|
comment:3 by , 5 years ago
SECURITY NOTE
Please consider updating brotli to version 1.0.9 (latest).
Version 1.0.9 contains a fix for an "integer overflow" problem. This happens when the "one-shot" decoding API is used (or the input chunk for the streaming API is not limited), the input size (chunk size) is larger than 2GiB, and the input contains uncompressed blocks. After the overflow happens, memcpy is invoked with a gigantic num value, which will likely cause a crash.
SECURITY: decoder: fix integer overflow when input chunk is larger than 2GiB
Other changes:
- add support for WASM (emscripten) build
- brotli -v now reports raw / compressed size
- build files / docs maintenance
- reduce sources tarball size
- decoder: minor speed / memory usage improvements
- encoder: fix rare access to uninitialized data in ring-buffer
- encoder: improve support for platforms that do not have log2
- encoder: better support for MSVC (replacement for builtin_clz and builtin_ctzll)
- python: decompress now reports error if there is unused after the end of compressed input
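A simplified model of the failure the security note describes, added here as an example (it is not brotli's source code and not part of the ticket): a chunk size above 2 GiB narrowed to a signed 32-bit value goes negative, skips the clamp, and becomes a huge copy length. The function names, the 1 GiB cap and the sample sizes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_CHUNK ((size_t)1 << 30) /* constructed cap, well below 2 GiB */

/* Hypothetical model, not brotli source: length a decoder would copy for an
   uncompressed block when the caller's chunk size is narrowed to 32 bits. */
static size_t copy_len_narrowed(size_t avail_in, int32_t block_remaining) {
    int32_t nbytes = (int32_t)(uint32_t)avail_in; /* negative above 2 GiB */
    if (nbytes > block_remaining)                 /* false when negative */
        nbytes = block_remaining;
    return (size_t)nbytes; /* negative value turns into a gigantic length */
}

/* Hardened form: clamp in size_t, before any narrowing can happen. */
static size_t copy_len_checked(size_t avail_in, int32_t block_remaining) {
    size_t want = block_remaining > 0 ? (size_t)block_remaining : 0;
    return avail_in < want ? avail_in : want;
}

/* Caller-side mitigation for an unpatched decoder: offer at most MAX_CHUNK
   per streaming call. Returns the largest copy length the narrowed model
   computed across all calls. */
static size_t max_copy_when_chunked(size_t total, int32_t block_remaining) {
    size_t worst = 0;
    while (total > 0) {
        size_t chunk = total < MAX_CHUNK ? total : MAX_CHUNK;
        size_t n = copy_len_narrowed(chunk, block_remaining);
        if (n > worst)
            worst = n;
        total -= chunk;
    }
    return worst;
}

int main(void) {
    size_t big = ((size_t)1 << 31) + 16; /* constructed: just over 2 GiB */
    printf("narrowed: %zu\n", copy_len_narrowed(big, 65536));
    printf("checked:  %zu\n", copy_len_checked(big, 65536));
    printf("chunked:  %zu\n", max_copy_when_chunked(big, 65536));
    return 0;
}
```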
Now version 1.0.9.