No, I'm saying that these kind of bugs in compression libraries are very common. We'll pick an open source one of course (we don't want to be in the writing and maintaining compression library business, just like we don't want to be in the crypto business), but we'd also be vulnerable to bugs in upstream if the compression library we use has them.

I don't know what compression library Microsoft is using - probably they wrote their own.