by vasco
601 days ago
At least on the codebases I've worked on, having limits on time and size of any decompression that you do is something that quickly ends up in some internal utility library and nobody would dare directly uncompress anything. Way before you get zip bombs you usually get curious engineers noticing someone uploaded something a bit larger and that increased some average job time by a lot - which then gets fixed before you get big enough to attract zip bombs. So a zip bomb would just decompress up to whatever internal limit and be discarded.
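The kind of internal utility the comment above describes could look like the following. This is an added example, not part of the original comment and not taken from any codebase it refers to. The name `bounded_decompress`, its default limits and the injectable `clock` parameter are assumptions made for illustration.

```python
import time
import zlib


class DecompressionLimitExceeded(Exception):
    """The stream exceeded the configured output-size or time budget."""


def bounded_decompress(data, max_bytes=10 * 1024 * 1024, max_seconds=2.0,
                       chunk=64 * 1024, clock=time.monotonic):
    """Inflate zlib- or gzip-framed data, aborting once a limit is exceeded."""
    inflater = zlib.decompressobj(wbits=47)  # 32 + 15: auto-detect zlib/gzip header
    deadline = clock() + max_seconds
    out = bytearray()
    pending = data
    while not inflater.eof:
        # max_length bounds the output of one call, so a tiny input cannot
        # force a huge allocation; never ask for more than limit + 1 bytes.
        step = min(chunk, max_bytes + 1 - len(out))
        piece = inflater.decompress(pending, step)
        out += piece
        if len(out) > max_bytes:
            raise DecompressionLimitExceeded(f"output exceeds {max_bytes} bytes")
        if clock() > deadline:
            raise DecompressionLimitExceeded(f"exceeded {max_seconds}s budget")
        pending = inflater.unconsumed_tail
        if not piece and not pending:
            raise ValueError("compressed stream is truncated")
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample: 50 MB of zeros compresses to roughly 50 KB.
    bomb = zlib.compress(b"\0" * (50 * 1024 * 1024))
    try:
        bounded_decompress(bomb, max_bytes=1024 * 1024)
    except DecompressionLimitExceeded as exc:
        print(f"discarded {len(bomb)}-byte input: {exc}")
```

The time budget is checked between chunks, so it bounds total work to one chunk past the deadline rather than interrupting a call in progress.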