You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
32 lines
1022 B
32 lines
1022 B
From e2a9122b8dde53d320750451e9907a7dcb2ca8bb Mon Sep 17 00:00:00 2001 |
|
From: Nick Wellnhofer <wellnhofer@aevum.de> |
|
Date: Thu, 7 Sep 2017 18:36:01 +0200 |
|
Subject: [PATCH] Set memory limit for LZMA decompression |
|
|
|
Otherwise malicious LZMA compressed files could consume large amounts |
|
of memory when decompressed. |
|
|
|
According to the xz man page, files compressed with `xz -9` currently |
|
require 65 MB to decompress, so set the limit to 100 MB. |
|
|
|
Should fix bug 786696. |
|
--- |
|
xzlib.c | 2 +- |
|
1 file changed, 1 insertion(+), 1 deletion(-) |
|
|
|
diff --git a/xzlib.c b/xzlib.c |
|
index 782957f6..f43632bd 100644 |
|
--- a/xzlib.c |
|
+++ b/xzlib.c |
|
@@ -408,7 +408,7 @@ xz_head(xz_statep state) |
|
state->strm = init; |
|
state->strm.avail_in = 0; |
|
state->strm.next_in = NULL; |
|
- if (lzma_auto_decoder(&state->strm, UINT64_MAX, 0) != LZMA_OK) { |
|
+ if (lzma_auto_decoder(&state->strm, 100000000, 0) != LZMA_OK) { |
|
xmlFree(state->out); |
|
xmlFree(state->in); |
|
state->size = 0; |
|
-- |
|
2.22.0 |
|
|
|
|