Pull in inflateGetHeader() buffer overflow fix

author tb <tb@openbsd.org>

Tue, 9 Aug 2022 07:38:25 +0000 (07:38 +0000)

committer tb <tb@openbsd.org>

Tue, 9 Aug 2022 07:38:25 +0000 (07:38 +0000)
author tb <tb@openbsd.org>
Tue, 9 Aug 2022 07:38:25 +0000 (07:38 +0000)
committer tb <tb@openbsd.org>
Tue, 9 Aug 2022 07:38:25 +0000 (07:38 +0000)
diff --git a/gnu/usr.bin/perl/cpan/Compress-Raw-Zlib/zlib-src/inflate.c b/gnu/usr.bin/perl/cpan/Compress-Raw-Zlib/zlib-src/inflate.c

index d5369c2..2060956 100644 (file)
--- a/gnu/usr.bin/perl/cpan/Compress-Raw-Zlib/zlib-src/inflate.c
+++ b/gnu/usr.bin/perl/cpan/Compress-Raw-Zlib/zlib-src/inflate.c
@@ -761,8 +761,9 @@ int ZEXPORT inflate(
                  if (copy > have) copy = have;
                  if (copy) {
                      if (state->head != Z_NULL &&
-                        state->head->extra != Z_NULL) {
-                        len = state->head->extra_len - state->length;
+                        state->head->extra != Z_NULL &&
+                        (len = state->head->extra_len - state->length) <
+                           state->head->extra_max) {
                          zmemcpy(state->head->extra + len, next,
                                  len + copy > state->head->extra_max ?
                                  state->head->extra_max - len : copy);