It seems to be fixed already in v1.0.8.
It seems to be fixed already in v1.0.8.
You'd better report it on bzip2 bugzilla as bzip2 moved definitely to sourceware.
A memory leak in line 430 of bzip2recover.c In the bsOpenReadStream function, the memory pointer is obtained by malloc and finally assigned to bsIn, but since there is no free memory pointer, the memory leak is eventually caused. When reading some special bz2 files, it will cause the program to crash, as follows An attacker can cause a target service denial of service by uploading or sending a specially constructed bz2 file. Attachments is the sample file. In addition, I found that there are many...
Improve portability of Makefile
Add .gitattributes file
Bzip2 official website
The sourceware project isn't new. It is old before the original bzip.org site and it's latest version is 1.0.2. This project was created in order to have an active place for the current library and I used SorceForge because the bzip.org site points to SourceForge for the download. Neustradamus is working on moving the active development to github.
Bzip2 official website
Pristine 1.0.6 source