From 3f5af05ce0a79edb8ab7606a968e2ff2617f1972 Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Tue, 9 Aug 2022 07:39:00 +0000
Subject: [PATCH] Sync inflateGetHeader() fix from userland

---
 sys/lib/libz/inflate.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/sys/lib/libz/inflate.c b/sys/lib/libz/inflate.c
index 9b6929637dc..529670d268a 100644
--- a/sys/lib/libz/inflate.c
+++ b/sys/lib/libz/inflate.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: inflate.c,v 1.18 2022/05/08 14:05:29 tb Exp $ */
+/*	$OpenBSD: inflate.c,v 1.19 2022/08/09 07:39:00 tb Exp $ */
 /* inflate.c -- zlib decompression
  * Copyright (C) 1995-2022 Mark Adler
  * For conditions of distribution and use, see copyright notice in zlib.h
@@ -785,8 +785,9 @@ int flush;
                 if (copy > have) copy = have;
                 if (copy) {
                     if (state->head != Z_NULL &&
-                        state->head->extra != Z_NULL) {
-                        len = state->head->extra_len - state->length;
+                        state->head->extra != Z_NULL &&
+                        (len = state->head->extra_len - state->length) <
+			    state->head->extra_max) {
                         zmemcpy(state->head->extra + len, next,
                                 len + copy > state->head->extra_max ?
                                 state->head->extra_max - len : copy);
-- 
2.20.1