Opened 10 years ago
Closed 10 years ago
#5210 closed enhancement (fixed)
lzo-2.07
Reported by: | Igor Živković | Owned by: | Igor Živković |
---|---|---|---|
Priority: | normal | Milestone: | 7.6 |
Component: | BOOK | Version: | SVN |
Severity: | normal | Keywords: | |
Cc: |
Description
Changes in 2.07 (25 Jun 2014) * Fixed a potential integer overflow condition in the "safe" decompressor variants which could result in a possible buffer overrun when processing maliciously crafted compressed input data. As this issue only affects 32-bit systems and also can only happen if you use uncommonly huge buffer sizes where you have to decompress more than 16 MiB (2^24 bytes) compressed bytes within a single function call, the practical implications are limited. POTENTIAL SECURITY ISSUE. * Removed support for ancient configurations like 16-bit "huge" pointers - LZO now requires a flat 32-bit or 64-bit memory model. * Assorted cleanups.
Change History (2)
comment:1 by , 10 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:2 by , 10 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
Fixed at r13326.