Update README.md

author: Eugene Kliuchnikov <eustas.ru@gmail.com> 2020-08-26 18:46:19 +0200
committer: GitHub <noreply@github.com> 2020-08-26 18:46:19 +0200
commit: d518e55ba7f335cb318396e47c1e05c4205d6c4b (patch)
tree: 5165b785144d13d76185dd5df83c3a92cac654d5 /README.md
parent: d0529182550129fe047a2d92a132fa14522deda2 (diff)
download: brotli-d518e55ba7f335cb318396e47c1e05c4205d6c4b.zip
brotli-d518e55ba7f335cb318396e47c1e05c4205d6c4b.tar.gz
brotli-d518e55ba7f335cb318396e47c1e05c4205d6c4b.tar.bz2
1 files changed, 6 insertions, 0 deletions
diff --git a/README.md b/README.md
index 017173c..c81b756 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,11 @@
 <p align="center"><img src="https://brotli.org/brotli.svg" alt="Brotli" width="64"></p>
 
+# SECURITY NOTE
+
+Please consider updating brotli to version 1.0.8 (latest).
+
+Version 1.0.8 contains a fix to "integer overflow" problem. This happens when "one-shot" decoding API is used (or input chunk for streaming API is not limited), input size (chunk size) is larger than 2GiB, and input contains uncompressed blocks. After the overflow happens, `memcpy` is invoked with a gigantic `num` value, that will likely cause the crash.
+
 ### Introduction
 
 Brotli is a generic-purpose lossless compression algorithm that compresses data
author	Eugene Kliuchnikov <eustas.ru@gmail.com>	2020-08-26 18:46:19 +0200
committer	GitHub <noreply@github.com>	2020-08-26 18:46:19 +0200
commit	d518e55ba7f335cb318396e47c1e05c4205d6c4b (patch)
tree	5165b785144d13d76185dd5df83c3a92cac654d5 /README.md
parent	d0529182550129fe047a2d92a132fa14522deda2 (diff)
download	brotli-d518e55ba7f335cb318396e47c1e05c4205d6c4b.zip brotli-d518e55ba7f335cb318396e47c1e05c4205d6c4b.tar.gz brotli-d518e55ba7f335cb318396e47c1e05c4205d6c4b.tar.bz2