decoder. There's no danger of information leak here, so
it isn't required. Doing memzero() takes a lot of time
with large dictionaries, which could make it easier to
construct DoS attack to consume too much CPU time.
return LZMA_MEM_ERROR;
}
- // Clean up the buffers to make it very sure that there are
- // no information leaks when multiple steams are decoded
- // with the same decoder structures.
- memzero(lz->dict, dict_real_size);
+ // Clean up the temporary buffer to make it very sure that there are
+ // no information leaks when multiple steams are decoded with the
+ // same decoder structures.
memzero(lz->temp, LZMA_BUFFER_SIZE);
// Reset the variables so that lz_get_byte(lz, 0) will return '\0'.