Closed
Description
Expected behavior
To protect against OOME the compression and decompression codecs should explicitly limit the amount of data they compress and decompress. We may be vulnerable to OOME from large or malicious input.
Actual behavior
In light of #5997 most of the compression/decompression codecs don't enforce limits on buffer allocation sizes.
Steps to reproduce
N/A
Minimal yet complete reproducer code (or URL to code)
N/A
Netty version
4.1.7-SNAPSHOT
JVM version (e.g. java -version)
N/A
OS version (e.g. uname -a)
N/A
Metadata
Metadata
Assignees
Labels
No labels