Opened 10 years ago
Closed 10 years ago
#5210 closed enhancement (fixed)
lzo-2.07
| Reported by: | Igor Živković | Owned by: | Igor Živković |
|---|---|---|---|
| Priority: | normal | Milestone: | 7.6 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
Changes in 2.07 (25 Jun 2014)
* Fixed a potential integer overflow condition in the "safe" decompressor
variants which could result in a possible buffer overrun when
processing maliciously crafted compressed input data.
As this issue only affects 32-bit systems and also can only happen if
you use uncommonly huge buffer sizes where you have to decompress more
than 16 MiB (2^24 bytes) compressed bytes within a single function call,
the practical implications are limited.
POTENTIAL SECURITY ISSUE.
* Removed support for ancient configurations like 16-bit "huge" pointers -
LZO now requires a flat 32-bit or 64-bit memory model.
* Assorted cleanups.
Change History (2)
comment:1 by , 10 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 10 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
Fixed at r13326.