Reported by: Igor Živković
Owned by: Igor Živković

Changes in 2.07 (25 Jun 2014)

* Fixed a potential integer overflow condition in the "safe" decompressor variants which could result in a possible buffer overrun when processing maliciously crafted compressed input data. As this issue only affects 32-bit systems and also can only happen if you use uncommonly huge buffer sizes where you have to decompress more than 16 MiB (2^24 bytes) compressed bytes within a single function call, the practical implications are limited. POTENTIAL SECURITY ISSUE.
* Removed support for ancient configurations like 16-bit "huge" pointers - LZO now requires a flat 32-bit or 64-bit memory model.
* Assorted cleanups.
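
Why a 32-bit length can wrap only after a little more than 16 MiB of input, as an added example that is not LZO's code and not part of the ticket. It assumes a toy length encoding in which each zero byte adds 255 to a run length (all function names are hypothetical), and compares an unchecked accumulator with one that tests for overflow before each addition.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

enum { RUN_OK = 0, RUN_TRUNCATED = -1, RUN_OVERFLOW = -2 };

/* Assumed toy encoding: each 0x00 byte adds 255, the first non-zero byte
 * adds its own value and ends the run. uint32_t models a 32-bit length. */
static int run_len_unchecked(const uint8_t *ip, const uint8_t *end, uint32_t *len)
{
    uint32_t t = 0;
    while (ip < end && *ip == 0) { t += 255; ip++; }   /* wraps silently */
    if (ip == end) return RUN_TRUNCATED;
    *len = t + *ip;
    return RUN_OK;
}

static int run_len_checked(const uint8_t *ip, const uint8_t *end, uint32_t *len)
{
    uint32_t t = 0;
    while (ip < end && *ip == 0) {
        if (t > UINT32_MAX - 255) return RUN_OVERFLOW;  /* test before adding */
        t += 255; ip++;
    }
    if (ip == end) return RUN_TRUNCATED;
    if (t > UINT32_MAX - *ip) return RUN_OVERFLOW;      /* final byte can wrap too */
    *len = t + *ip;
    return RUN_OK;
}

/* Constructed sample input: `zeros` zero bytes followed by `last`. */
static uint8_t *make_run(size_t zeros, uint8_t last)
{
    uint8_t *buf = calloc(zeros + 1, 1);
    if (buf) buf[zeros] = last;
    return buf;
}

int main(void)
{
    size_t zeros = 16843010;            /* just over 16 MiB (2^24 = 16777216) */
    uint8_t *buf = make_run(zeros, 1);
    uint32_t t = 0;
    if (!buf) return 1;
    int rc = run_len_unchecked(buf, buf + zeros + 1, &t);
    printf("unchecked: rc=%d len=%u\n", rc, (unsigned)t);
    rc = run_len_checked(buf, buf + zeros + 1, &t);
    printf("checked:   rc=%d\n", rc);
    free(buf);
    return 0;
}
```

In this model the unchecked length comes back as a small value that would pass any later "does this fit in the buffer" test, which is why the overflow test has to happen while the length is being accumulated.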