google / ngx_brotli

NGINX module for Brotli compression
BSD 2-Clause "Simplified" License

Update brotli to v1.0.9 #109

Closed hkraal closed 4 years ago

hkraal commented 4 years ago

Brotli should be updated to the patched version:

Version 1.0.9 contains a fix to "integer overflow" problem. This happens when "one-shot" decoding API is used (or input chunk for streaming API is not limited), input size (chunk size) is larger than 2GiB, and input contains uncompressed blocks. After the overflow happens, memcpy is invoked with a gigantic num value, that will likely cause the crash.

PR is underway
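The release note quoted above ties the overflow to an input chunk that is not limited. As an added example (not code from ngx_brotli or Brotli), here is a driver that caps how many bytes a streaming decoder is offered per call. `decode_step_fn`, `feed_bounded`, `MAX_CHUNK`, `probe_step` and `run_probe` are hypothetical names, and the callback is assumed to wrap a real streaming call such as `BrotliDecoderDecompressStream` and to drain its own output.

```c
#include <stddef.h>
#include <stdint.h>
/* Hypothetical stand-in for one streaming-decoder call: consumes some of the
 * *avail_in bytes at *next_in and advances both. Returns 0 on success, -1 on error. */
typedef int (*decode_step_fn)(void *ctx, size_t *avail_in, const uint8_t **next_in);

/* Assumed cap: 1 MiB per call, far below the 2 GiB size named in the report. */
#define MAX_CHUNK ((size_t)1 << 20)

/* Feed len bytes, never offering the decoder more than cap bytes at once. */
int feed_bounded(decode_step_fn step, void *ctx, const uint8_t *in, size_t len, size_t cap)
{
    if (cap == 0 || cap > MAX_CHUNK) cap = MAX_CHUNK;
    while (len > 0) {
        size_t chunk = len < cap ? len : cap, avail = chunk;
        const uint8_t *p = in;
        while (avail > 0) {
            size_t before = avail;
            /* fail on a decode error, on no progress, or on a count that grew */
            if (step(ctx, &avail, &p) != 0 || avail >= before) return -1;
        }
        in += chunk;
        len -= chunk;
    }
    return 0;
}

/* Constructed probe "decoder": records the largest chunk it was offered. */
struct probe { size_t max_seen, total; };
static int probe_step(void *ctx, size_t *avail_in, const uint8_t **next_in)
{
    struct probe *pr = ctx;
    size_t take = *avail_in < 700 ? *avail_in : 700;  /* partial consumption */
    if (*avail_in > pr->max_seen) pr->max_seen = *avail_in;
    pr->total += take;
    *next_in += take; *avail_in -= take;
    return 0;
}

/* Run the probe over a constructed zero-filled buffer of len <= 10000 bytes. */
struct probe run_probe(size_t len, size_t cap)
{
    static uint8_t buf[10000];
    struct probe pr = {0, 0};
    if (len > sizeof buf || feed_bounded(probe_step, &pr, buf, len, cap) != 0)
        pr.total = (size_t)-1;
    return pr;
}

int main(void) { return run_probe(10000, 4096).max_seen == 4096 ? 0 : 1; }
```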

eustas commented 4 years ago

Fixed bug does not affect the plugin... But OK.