
13 Aug 2013, 1:01 a.m.
[sending, now subscribed so mailman won't yell at me]
This series fixes gzip, lzma, and lzo to not overflow when writing to output buffers. Without this, it might be possible for untrusted compressed input to overflow the buffers used to hold the decompressed image.
To catch these conditions, I added a series of compression tests available in the sandbox build. Without the fixes in patches 3, 4, and 5, the overflows are visible.
Thanks,
-Kees
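The output-bound check and the style of test that exposes a missing one, as an added example that is not code from this patch series: the run-length format, the names `rle_decompress` and `run_bounded`, and the 64-byte buffer are assumptions standing in for the gzip, lzma, and lzo decoders.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GUARD 0xA5 /* fill byte for the region the decoder must never touch */

/* Stand-in format (assumption): a sequence of (count, byte) pairs.
 * Returns bytes written, or -1 if the input is truncated or the output
 * would not fit in dst_len. The bound is checked before every write. */
static long rle_decompress(const uint8_t *src, size_t src_len,
                           uint8_t *dst, size_t dst_len)
{
    size_t in = 0, out = 0;
    while (in < src_len) {
        if (src_len - in < 2)
            return -1;                 /* truncated pair */
        size_t run = src[in];
        uint8_t val = src[in + 1];
        in += 2;
        if (run > dst_len - out)       /* out <= dst_len, so no wraparound */
            return -1;                 /* untrusted input asks for too much */
        memset(dst + out, val, run);
        out += run;
    }
    return (long)out;
}

/* Test pattern: hand the decoder only `limit` bytes of a larger pre-filled
 * buffer, then verify that nothing past `limit` changed. Returns 1 if intact. */
static int run_bounded(const uint8_t *src, size_t src_len, size_t limit, long *ret)
{
    uint8_t buf[64];
    if (limit > sizeof(buf))
        return 0;
    memset(buf, GUARD, sizeof(buf));
    *ret = rle_decompress(src, src_len, buf, limit);
    for (size_t i = limit; i < sizeof(buf); i++)
        if (buf[i] != GUARD)
            return 0;                  /* decoder wrote past its buffer */
    return 1;
}

/* Constructed input: expands to 40 bytes (30 x 'A', then 10 x 'B'). */
static const uint8_t sample[] = { 30, 'A', 10, 'B' };

int main(void)
{
    long r;
    int ok = run_bounded(sample, sizeof(sample), 16, &r);
    printf("limit=16 result=%ld guard_intact=%d\n", r, ok);
    return !(ok && r == -1);
}
```

Removing the `run > dst_len - out` check makes `run_bounded` report a damaged guard region for any limit below 40.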