I will probably look into LZMA in the next quarter in combination with https://bugzilla.mozilla.org/show_bug.cgi?id=366559
/cd On Jun 12, 2013, at 11:35 AM, Jonathan Kew <[email protected]> wrote: > I notice that we don't currently use LZMA (de)compression anywhere in Gecko, > AFAICS. > > The proposed WOFF 2.0 format[1], under discussion in the W3C webfonts working > group, includes the use of the LZMA entropy coder as a better-compressing > alternative to zlib. > > If the proposed spec goes forward and we implement this, it will mean > exposing the LZMA decoder to untrusted data from the Web (i.e. webfont > resources). Do we have any insight into the reliability/security of the LZMA > code[2], or any experience of testing (fuzzing, etc) to determine whether we > can safely use this library in a web-exposed way? > > Any insight or advice would be welcome... > > JK > > [1] http://lists.w3.org/Archives/Public/www-font/2012JanMar/0002.html > [2] http://www.7-zip.org/sdk.html > _______________________________________________ > dev-security mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security
_______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
