Commit
Merge pull request from GHSA-grg4-wf29-r9vv
Motivation:

We should do the Bzip2 decoding in a streaming fashion and so ensure we propagate the buffer as soon as possible through the pipeline. This allows the users to release these buffers as fast as possible.

Modification:

- Change the Bzip2Decoder to do the decompression of data in a streaming fashion.
- Add some safety check to ensure the block length never exceeds the maximum (as defined in the spec)

Result:

No more risk of an OOME by decompressing some large data via bzip2.

Thanks to Ori Hollander of JFrog Security for reporting the issue.

(we got acquired during the process and now Vdoo is part of JFrog company)
1 parent deb0489, commit 41d3d61
Showing 3 changed files with 15 additions and 7 deletions.