The expected_byte_size passed to a decompression method sometimes directly allocated the specified amount of memory. The expected size is based on information in the file and could be forged to be very large, possibly resulting in denial-of-service attacks. The compression methods should allocate no more than X bytes at one time.
Description
The expected_byte_size passed to a decompression method sometimes directly allocated the specified amount of memory. The expected size is based on information in the file and could be forged to be very large, possibly resulting in denial-of-service attacks. The compression methods should allocate no more than X bytes at one time.
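The following sketch shows one way to bound allocation as described above. It is an added example, not the project's own code. The block layout (an 8-byte little-endian size header followed by a zlib stream), the function names and the MAX_CHUNK value standing in for X are all assumptions.

```python
import struct
import zlib

MAX_CHUNK = 64 * 1024  # stand-in for the "X" above; the value is an assumption


def make_block(payload, claimed_size=None):
    """Build a constructed sample block: 8-byte LE expected size + zlib stream."""
    size = len(payload) if claimed_size is None else claimed_size
    return struct.pack("<Q", size) + zlib.compress(payload)


def decompress_bounded(block, max_chunk=MAX_CHUNK):
    """Decompress without ever allocating from the header's size field.

    The declared size is only used as a limit to check against. The output
    buffer grows with data the stream really produces, at most max_chunk
    bytes per step, so a forged header cannot force a large allocation.
    """
    (expected,) = struct.unpack_from("<Q", block, 0)
    inflater = zlib.decompressobj()
    out = bytearray()  # NOT bytearray(expected): that would trust the file
    pending = block[8:]
    while not inflater.eof:
        # Ask for one byte past the declared size so overruns are detected.
        # The budget is always >= 1 (0 would mean "unlimited" to zlib).
        budget = min(max_chunk, expected - len(out) + 1)
        chunk = inflater.decompress(pending, budget)
        out += chunk
        if len(out) > expected:
            raise ValueError("stream produced more than the declared size")
        pending = inflater.unconsumed_tail
        if not chunk and not pending:
            break  # input exhausted before the end of the stream
    if len(out) != expected:
        raise ValueError(
            f"declared {expected} bytes, stream produced {len(out)}")
    return bytes(out)


if __name__ == "__main__":
    data = b"A" * 200_000  # constructed sample payload
    print(len(decompress_bounded(make_block(data))))
    try:
        decompress_bounded(make_block(data, claimed_size=2**40))  # forged
    except ValueError as err:
        print("rejected:", err)
```

Memory use here tracks the real decompressed size plus one chunk, so a header claiming 1 TiB is rejected after the stream ends rather than triggering a 1 TiB allocation.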