|author||Tatiana Bradley <firstname.lastname@example.org>||Fri May 06 11:25:06 2022 -0400|
|committer||Michael Knyszek <email@example.com>||Tue Jul 12 15:06:07 2022 +0000|
compress/gzip: fix stack exhaustion bug in Reader.Read Replace recursion with iteration in Reader.Read to avoid stack exhaustion when there are a large number of files. Fixes CVE-2022-30631 Fixes #53168 Change-Id: I47d8afe3f2d40b0213ab61431df9b221794dbfe0 Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1455673 Reviewed-by: Roland Shoemaker <firstname.lastname@example.org> Reviewed-by: Julie Qiu <email@example.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/417067 Reviewed-by: Heschi Kreinick <firstname.lastname@example.org> Run-TryBot: Michael Knyszek <email@example.com> TryBot-Result: Gopher Robot <firstname.lastname@example.org>
Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.
Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.
Official binary distributions are available at https://go.dev/dl/.
After downloading a binary release, visit https://go.dev/doc/install for installation instructions.
If a binary distribution is not available for your combination of operating system and architecture, visit https://go.dev/doc/install/source for source installation instructions.
Go is the work of thousands of contributors. We appreciate your help!
To contribute, please read the contribution guidelines at https://go.dev/doc/contribute.
Note that the Go project uses the issue tracker for bug reports and proposals only. See https://go.dev/wiki/Questions for a list of places to ask questions about the Go language.