Sync inflateGetHeader() fix from userland

author tb <tb@openbsd.org>

Tue, 9 Aug 2022 07:39:00 +0000 (07:39 +0000)

committer tb <tb@openbsd.org>

Tue, 9 Aug 2022 07:39:00 +0000 (07:39 +0000)
author tb <tb@openbsd.org>
Tue, 9 Aug 2022 07:39:00 +0000 (07:39 +0000)
committer tb <tb@openbsd.org>
Tue, 9 Aug 2022 07:39:00 +0000 (07:39 +0000)
diff --git a/sys/lib/libz/inflate.c b/sys/lib/libz/inflate.c

index 9b69296..529670d 100644 (file)
--- a/sys/lib/libz/inflate.c
+++ b/sys/lib/libz/inflate.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: inflate.c,v 1.18 2022/05/08 14:05:29 tb Exp $ */
+/*     $OpenBSD: inflate.c,v 1.19 2022/08/09 07:39:00 tb Exp $ */
  /* inflate.c -- zlib decompression
   * Copyright (C) 1995-2022 Mark Adler
   * For conditions of distribution and use, see copyright notice in zlib.h
@@ -785,8 +785,9 @@ int flush;
                  if (copy > have) copy = have;
                  if (copy) {
                      if (state->head != Z_NULL &&
-                        state->head->extra != Z_NULL) {
-                        len = state->head->extra_len - state->length;
+                        state->head->extra != Z_NULL &&
+                        (len = state->head->extra_len - state->length) <
+                           state->head->extra_max) {
                          zmemcpy(state->head->extra + len, next,
                                  len + copy > state->head->extra_max ?
                                  state->head->extra_max - len : copy);
author	tb <tb@openbsd.org>
	Tue, 9 Aug 2022 07:39:00 +0000 (07:39 +0000)
committer	tb <tb@openbsd.org>
	Tue, 9 Aug 2022 07:39:00 +0000 (07:39 +0000)