[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v2] libxc: add LZ4 decompression support

On Tue, 2013-09-24 at 21:55 +0200, Yann Collet wrote:
> Consequently, a compressed-block of size 0 is not supposed to exist
> (break format).

Unfortunately an attacker is free to break the format. The question is
what will the decoder do when faced with such invalid inputs?

It seems like such concerns were not considered at all during
implementation? (which is fair enough, since the data stream is
implicitly trusted in the original target use case)


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.