-
-
Notifications
You must be signed in to change notification settings - Fork 169
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
prevent decompression DoS issues #3257
Comments
Also removed lzo from: |
As for brotli, those concerned about memory bombs can disable it until we implement #3258. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Both the lz4 and zlib compressors now prevent decompressing packets that would consume too much memory: 83c72ba.
The default value is 256MB, which is enough for 8K in 32-bit BGRA format: 768043204 is ~128MB.
Unfortunately:
lzo
doesn't have the ability to limit its output size - perhaps it should be retired? (lz4
does everything better)brotli
doesn't expose this ability through the python wrapper? https://github.com/google/brotli/blob/master/python/brotli.pyThe text was updated successfully, but these errors were encountered: