search

rust-lang / flate2-rs

DEFLATE, gzip, and zlib bindings for Rust
https://docs.rs/flate2
Apache License 2.0
891 stars 158 forks source link

are the decoders hardened against zip-bomb-like behavior? #260

Closed behzadnouri closed 3 years ago

behzadnouri commented 3 years ago

Or any other known vulnerabilities when decompressing bytes?

alexcrichton commented 3 years ago

Currently there's no extra safeties in this crate itself, you'd need to audit the implementations that this crate wraps.