zlib crash bug


Josh Bressers

Mar 25, 2022, 10:01:04 AM
to GSD
Hi all,

I just ran across this

And it got me thinking. I wonder if it would be worth watching certain git repos for keywords like "crash". I suspect any zlib bug that involves a crash of any sort is something we would want to flag.

Thoughts?

-- 
     Josh

Kurt Seifried

Mar 25, 2022, 10:09:11 AM
to Josh Bressers, GSD
I think for libraries that MUST parse untrusted input (e.g. compression libraries, AV scanners, email clients, web clients, etc.) to be of any use, or are commonly used to process untrusted input, this makes sense. At a minimum the crash indicates the system can't process/scan/etc. and it may fail open (pass it through), or end up in a DoS situation. Either way I expect things like gzip/tar to never puke.
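
The keyword watch proposed in this thread, as an added example that is not code from either poster or from the GSD project: it parses `git log` output from a local clone and flags commits whose subject or body mentions a watched term. Only "crash" comes from the thread; the other keywords, the function names and the sample log are assumptions made for illustration.

```python
import re
import subprocess

# Field/record separators emitted by the git format, so multi-line bodies parse safely.
FS, RS = "\x1f", "\x1e"
GIT_FORMAT = "%H%x1f%s%x1f%b%x1e"

# "crash" comes from the thread; the other terms are assumptions added for illustration.
KEYWORDS = ["crash", "segfault", "overflow", "out-of-bounds", "use-after-free"]


def read_git_log(repo_path, since="7 days ago"):
    """Return raw log text for commits newer than `since` in a local clone."""
    return subprocess.run(
        ["git", "-C", repo_path, "log", f"--since={since}", f"--format={GIT_FORMAT}"],
        check=True, capture_output=True, text=True,
    ).stdout


def flag_commits(log_text, keywords=KEYWORDS):
    """Return [(commit_hash, subject, sorted matched keywords)] for flagged commits."""
    # \b at the start only, so "crash" also matches "crashes" and "crashing".
    pattern = re.compile(r"\b(" + "|".join(map(re.escape, keywords)) + ")", re.IGNORECASE)
    flagged = []
    for record in log_text.split(RS):
        if not record.strip():
            continue
        commit_hash, subject, body = (record.strip("\n").split(FS) + ["", ""])[:3]
        hits = sorted({m.lower() for m in pattern.findall(subject + "\n" + body)})
        if hits:
            flagged.append((commit_hash, subject, hits))
    return flagged


# Constructed sample in the format read_git_log() returns (hashes are placeholders).
SAMPLE_LOG = RS.join([
    FS.join(["a" * 40, "Fix a bug that could crash on crafted input", "Details in body.\n"]),
    FS.join(["b" * 40, "Update README", "Typo fixes only.\n"]),
    FS.join(["c" * 40, "Tidy length checks", "Avoids a buffer Overflow\nCrashes were seen in testing.\n"]),
]) + RS

if __name__ == "__main__":
    for commit_hash, subject, hits in flag_commits(SAMPLE_LOG):
        print(commit_hash[:12], hits, subject)
```

Pointing `read_git_log()` at clones of the input-parsing libraries discussed above and passing its output to `flag_commits()` gives a short list for a human to triage; keyword hits are leads, not confirmed vulnerabilities.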
