Opened 11 months ago
Closed 11 months ago
New point version.
Now version 1.0.9.
Please consider updating brotli to version 1.0.9 (latest).
Version 1.0.9 contains a fix for an "integer overflow" problem. This happens when the "one-shot" decoding API is used (or the input chunk for the streaming API is not limited), the input size (chunk size) is larger than 2GiB, and the input contains uncompressed blocks. After the overflow happens, memcpy is invoked with a gigantic num value, which will likely cause a crash.
SECURITY: decoder: fix integer overflow when input chunk is larger than 2GiB
Mark as high due to integer overflow issue.
Fixed at revision 23689.
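
The release note quoted in this ticket describes a length that overflows once the input chunk exceeds 2GiB and is then passed to memcpy. The following is an added example, not brotli's source and not part of this ticket: a simplified model of one common way such an overflow arises (a `size_t` count narrowed to `int` before clamping) next to a clamped form. The struct, field and function names are hypothetical, the values are constructed, and the cast is assumed to wrap as it does on common two's-complement ABIs.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified decoder state (hypothetical names, not brotli's structs). */
typedef struct {
    size_t avail_in;        /* bytes left in the caller's input chunk */
    int    block_remaining; /* bytes left in the uncompressed block, >= 0 */
    int    out_pos;         /* write position in the output window */
    int    out_size;        /* size of the output window, >= out_pos */
} model_state;

/* Narrowing pattern: the size_t count becomes an int before it is clamped. */
static size_t copy_len_narrowing(const model_state *s)
{
    int n = (int)s->avail_in;  /* values above INT_MAX turn negative */
    if (n > s->block_remaining) n = s->block_remaining;  /* negative n passes */
    if (s->out_pos + n > s->out_size) n = s->out_size - s->out_pos;
    return (size_t)n;  /* a negative n becomes a gigantic copy length */
}

/* Clamped pattern: every bound is applied in size_t, so nothing is narrowed. */
static size_t copy_len_clamped(const model_state *s)
{
    size_t n = s->avail_in;
    size_t room = (size_t)(s->out_size - s->out_pos);
    if (n > (size_t)s->block_remaining) n = (size_t)s->block_remaining;
    if (n > room) n = room;
    return n;
}

/* Constructed sample: 4096 bytes left in the block, empty 64 KiB window. */
static model_state sample_state(size_t avail_in)
{
    model_state s = { avail_in, 4096, 0, 65536 };
    return s;
}

int main(void)
{
    model_state s = sample_state(((size_t)1 << 31) + 16);  /* just over 2GiB */
    printf("narrowing: %zu\n", copy_len_narrowing(&s));
    printf("clamped:   %zu\n", copy_len_clamped(&s));
    return 0;
}
```
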
© 1998-2021 Gerard Beekmans.