I wrote: > Robert Haas <robertmh...@gmail.com> writes: >> But there is a privilege boundary between the sender and the receiver. >> What's alleged here is that the sender can do a thing which causes the >> receiver to burn through tons of memory. It doesn't help anything to >> say, well, the sender ought to use a window size of N or less. What if >> they don't?
> The receiver rejects the data as though it were corrupt. (Having said that, I don't know whether it's possible for the user of libzstd to specify such behavior. But if it isn't, that's a CVE-worthy problem in libzstd.) regards, tom lane