It seems this binding is using the unsafe version of the decoder (LZ4_uncompress). As a consequence, a malicious user could slip in some forged input to trigger an attack.
As a way to improve security, it would be better to use the safe version instead.
The safe version is called LZ4_decompress_safe().
It's also recommended to update the C source to r119, which improves security for 32-bit systems.
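What the checks in a safe decoder amount to, as an added example that is not part of the original issue and is not code from liblz4 or from this binding: a minimal bounds-checked LZ4 block decoder. The name `demo_lz4_decode_checked` is hypothetical and the sample block is constructed. Unlike `LZ4_uncompress`, which is given only the expected output size, it receives both the input length and the output capacity and rejects any sequence that would read or write outside them.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: literals "abc", match (offset 3, length 6), final literal "d". */
static const uint8_t demo_block[] = {0x32, 'a', 'b', 'c', 0x03, 0x00, 0x10, 'd'};
static uint8_t demo_out[16];

/* Read 255-terminated length extension bytes; fail if they run past the input. */
static int read_len(const uint8_t **ip, const uint8_t *iend, size_t *len) {
    uint8_t b;
    do {
        if (*ip >= iend) return -1;
        b = *(*ip)++;
        *len += b;
    } while (b == 255);
    return 0;
}

/* Hypothetical name, not liblz4 code. Returns bytes written, or -1 if malformed. */
int demo_lz4_decode_checked(const uint8_t *src, size_t src_len,
                            uint8_t *dst, size_t dst_cap) {
    const uint8_t *ip = src, *iend = src + src_len;
    uint8_t *op = dst, *oend = dst + dst_cap;
    if (dst_cap > (size_t)INT_MAX) return -1;   /* result must fit the int return */
    while (ip < iend) {
        uint8_t token = *ip++;
        size_t lit = token >> 4, mlen = token & 15;
        if (lit == 15 && read_len(&ip, iend, &lit) < 0) return -1;
        /* Literal run must fit in the remaining input AND the remaining output. */
        if (lit > (size_t)(iend - ip) || lit > (size_t)(oend - op)) return -1;
        for (size_t i = 0; i < lit; i++) *op++ = *ip++;
        if (ip == iend) return (int)(op - dst); /* last sequence has literals only */
        if (iend - ip < 2) return -1;           /* truncated match offset */
        size_t off = ip[0] | ((size_t)ip[1] << 8);
        ip += 2;
        /* Offset 0, or one reaching before the start of dst, is rejected. */
        if (off == 0 || off > (size_t)(op - dst)) return -1;
        if (mlen == 15 && read_len(&ip, iend, &mlen) < 0) return -1;
        mlen += 4;                              /* stored length omits minimum of 4 */
        if (mlen > (size_t)(oend - op)) return -1;
        for (size_t i = 0; i < mlen; i++, op++) *op = *(op - off); /* may overlap */
    }
    return -1; /* input ended without a closing literal-only sequence */
}

int main(void) {
    printf("%d\n", demo_lz4_decode_checked(demo_block, sizeof demo_block, demo_out, 16));
}
```

A binding that calls `LZ4_decompress_safe()` should likewise treat a negative return value as a decode failure and discard the output buffer.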