Set memory limit for LZMA decompression

Otherwise malicious LZMA compressed files could consume large amounts of memory when decompressed. According to the xz man page, files compressed with `xz -9` currently require 65 MB to decompress, so set the limit to 100 MB. Should fix bug 786696.
2025-03-19 14:50:07 +03:00 · 2017-09-07 18:36:01 +02:00 · 2017-09-07 18:36:01 +02:00 · e2a9122b8d
commit e2a9122b8d
parent 0fcab658a2
1 changed files with 1 additions and 1 deletions
--- a/xzlib.c
+++ b/xzlib.c
@ -408,7 +408,7 @@ xz_head(xz_statep state)
        state->strm = init;
        state->strm.avail_in = 0;
        state->strm.next_in = NULL;
-        if (lzma_auto_decoder(&state->strm, UINT64_MAX, 0) != LZMA_OK) {
+        if (lzma_auto_decoder(&state->strm, 100000000, 0) != LZMA_OK) {
            xmlFree(state->out);
            xmlFree(state->in);
            state->size = 0;