Commit e2a9122b authored by Nick Wellnhofer's avatar Nick Wellnhofer

Set memory limit for LZMA decompression

Otherwise malicious LZMA compressed files could consume large amounts
of memory when decompressed.

According to the xz man page, files compressed with `xz -9` currently
require 65 MB to decompress, so set the limit to 100 MB.

Should fix bug 786696.
parent 0fcab658
......@@ -408,7 +408,7 @@ xz_head(xz_statep state)
state->strm = init;
state->strm.avail_in = 0;
state->strm.next_in = NULL;
if (lzma_auto_decoder(&state->strm, UINT64_MAX, 0) != LZMA_OK) {
if (lzma_auto_decoder(&state->strm, 100000000, 0) != LZMA_OK) {
xmlFree(state->out);
xmlFree(state->in);
state->size = 0;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment