You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
33 lines
1022 B
33 lines
1022 B
5 years ago
|
From e2a9122b8dde53d320750451e9907a7dcb2ca8bb Mon Sep 17 00:00:00 2001
|
||
|
|
From: Nick Wellnhofer <wellnhofer@aevum.de>
|
||
|
|
Date: Thu, 7 Sep 2017 18:36:01 +0200
|
||
|
|
Subject: [PATCH] Set memory limit for LZMA decompression
|
||
|
|
|
||
|
|
Otherwise malicious LZMA compressed files could consume large amounts
|
||
|
|
of memory when decompressed.
|
||
|
|
|
||
|
|
According to the xz man page, files compressed with `xz -9` currently
|
||
|
|
require 65 MB to decompress, so set the limit to 100 MB.
|
||
|
|
|
||
|
|
Should fix bug 786696.
|
||
|
|
---
|
||
|
|
xzlib.c | 2 +-
|
||
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||
|
|
|
||
|
|
diff --git a/xzlib.c b/xzlib.c
|
||
|
|
index 782957f6..f43632bd 100644
|
||
|
|
--- a/xzlib.c
|
||
|
|
+++ b/xzlib.c
|
||
|
|
@@ -408,7 +408,7 @@ xz_head(xz_statep state)
|
||
|
|
state->strm = init;
|
||
|
|
state->strm.avail_in = 0;
|
||
|
|
state->strm.next_in = NULL;
|
||
|
|
- if (lzma_auto_decoder(&state->strm, UINT64_MAX, 0) != LZMA_OK) {
|
||
|
|
+ if (lzma_auto_decoder(&state->strm, 100000000, 0) != LZMA_OK) {
|
||
|
|
xmlFree(state->out);
|
||
|
|
xmlFree(state->in);
|
||
|
|
state->size = 0;
|
||
|
|
--
|
||
|
|
2.22.0
|
||
|
|
|