author | Eugene Kliuchnikov <eustas.ru@gmail.com> | 2020-08-26 18:46:19 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-08-26 18:46:19 +0200 |
commit | d518e55ba7f335cb318396e47c1e05c4205d6c4b (patch) | |
tree | 5165b785144d13d76185dd5df83c3a92cac654d5 /README.md | |
parent | d0529182550129fe047a2d92a132fa14522deda2 (diff) | |
Update README.md
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -1,5 +1,11 @@ <p align="center"><img src="https://brotli.org/brotli.svg" alt="Brotli" width="64"></p> +# SECURITY NOTE + +Please consider updating brotli to version 1.0.8 (latest). + +Version 1.0.8 contains a fix to "integer overflow" problem. This happens when "one-shot" decoding API is used (or input chunk for streaming API is not limited), input size (chunk size) is larger than 2GiB, and input contains uncompressed blocks. After the overflow happens, `memcpy` is invoked with a gigantic `num` value, that will likely cause the crash. + ### Introduction Brotli is a generic-purpose lossless compression algorithm that compresses data |
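Review bot: The added "SECURITY NOTE" paragraph names only the fixed release, "1.0.8 (latest)", and never says which versions are affected or what to do if an upgrade is not possible right away. "(latest)" will go stale as soon as another release ships, so I would drop it and state the affected range explicitly. The sentence already implies a workaround (the overflow needs the one-shot API, or a streaming input chunk that "is not limited", with input larger than 2GiB), so it would help to spell that out as a mitigation: callers who cannot update should feed the streaming decoder chunks smaller than 2GiB. The impact is described only as "will likely cause the crash"; since the text says `memcpy` is invoked with a gigantic `num`, say whether this is an out-of-bounds read, write or both so users can rate the severity. A link to the fixing commit or advisory would let readers verify the fix. Minor wording: "a fix to "integer overflow" problem" should read "a fix for an integer overflow problem", and "cause the crash" should be "cause a crash".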