RFC 1950/Inflator feedback needed

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

RFC 1950/Inflator feedback needed

Jeffrey Walton-3
Hi Everyone,

We started fuzzing some of the reverse transformations, like Decryptors, Gunzip and Inflator. Inflator generated a finding at https://github.com/weidai11/cryptopp/issues/414. Our fix was to throw if the index looked bad. Also see https://github.com/weidai11/cryptopp/commit/07dbcc3d9644b18e.

I know the fix avoids the error. The problem is, we may have hit with a sledge hammer when all we needed was some delicacy. Unfortunately, I don't know compressors and decompressors that well, so I'm not in a position to say.

My question is, is it possible to recover from the error? Can we size the tree table larger so that it can accommodate a 31-bit bit distance? Any Pull Requests?


You received this message because you are subscribed to the "Crypto++ Users" Google Group.
To unsubscribe, send an email to [hidden email].
More information about Crypto++ and this group is available at http://www.cryptopp.com.
You received this message because you are subscribed to the Google Groups "Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
For more options, visit https://groups.google.com/d/optout.