зеркало из https://github.com/mozilla/gecko-dev.git
3dba77a779
Disallows files from referencing the same bytes in the content blocks of a MAR file by storing a list of structs containing a file's byte offsets and lengths. A list was chosen since the cap of 256 files wouldn't produce considerable overhead when extracting/reading/searching/etc through the archive. Removing the ability for a MAR file to reference the same content block repeatedly seems like a better solution than what was suggested in the BLRG report. (limiting the number of files or checking for overly large decompressed files) Allows us to prohibit this type of file bomb while only losing an attribute of the MAR file format that wasn't being leveraged. The fix is applied in mar_enum_items and mar_find_item so that the manifest the updater uses is equally safeguarded as the mar host tool. Differential Revision: https://phabricator.services.mozilla.com/D11706 --HG-- extra : moz-landing-system : lando |
||
|---|---|---|
| .. | ||
| brotli | ||
| fdlibm | ||
| freetype2 | ||
| libjar | ||
| libmar | ||
| libpref | ||
| pdfium | ||
| woff2 | ||
| xz-embedded | ||
| zlib | ||
| moz.build | ||