Skip to content

Compression/Decompression Codecs should enforce memory allocation size limits #6168

Closed
@Scottmitch

Description

@Scottmitch

Expected behavior

To protect against OOME the compression and decompression codecs should explicitly limit the amount of data they compress and decompress. We may be vulnerable to OOME from large or malicious input.

Actual behavior

In light of #5997 most of the compression/decompression codecs don't enforce limits on buffer allocation sizes.

Steps to reproduce

N/A

Minimal yet complete reproducer code (or URL to code)

N/A

Netty version

4.1.7-SNAPSHOT

JVM version (e.g. java -version)

N/A

OS version (e.g. uname -a)

N/A

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions