authortabudz <64760144+tabudz@users.noreply.github.com>2025-03-10 04:27:37 +0700
committerGitHub <noreply@github.com>2025-03-09 22:27:37 +0100
commit0b2443176885debf7896df5bf694b0ec3e75e789 (patch)
tree93aa57fd59b12fb8b9402c4b01041a98550db79d /deps
parent5ec85e527aa78d14c2f7e845f043b440fde31ccd (diff)
fix(deps/zlib): CVE-2022-37434: Potential Vulnerability in Cloned Function (#21599)
https://nvd.nist.gov/vuln/detail/CVE-2022-37434 madler/zlib@eff308a
Diffstat (limited to 'deps')
-rw-r--r--deps/zlib/inflate.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/deps/zlib/inflate.c b/deps/zlib/inflate.c
index 7be8c63662..7a72897492 100644
--- a/deps/zlib/inflate.c
+++ b/deps/zlib/inflate.c
@@ -763,9 +763,10 @@ int flush;
copy = state->length;
if (copy > have) copy = have;
if (copy) {
+ len = state->head->extra_len - state->length;
if (state->head != Z_NULL &&
- state->head->extra != Z_NULL) {
- len = state->head->extra_len - state->length;
+ state->head->extra != Z_NULL &&
+ len < state->head->extra_max) {
zmemcpy(state->head->extra + len, next,
len + copy > state->head->extra_max ?
state->head->extra_max - len : copy);
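Review bot: The added `len = state->head->extra_len - state->length;` sits above the `state->head != Z_NULL` test, so it dereferences `state->head` before the check meant to guard it. Whenever `state->head` is NULL, which the retained test implies is possible, an extra field in the input now causes a NULL pointer dereference instead of being skipped. Keep the new `extra_max` bound but compute `len` behind the NULL tests: delete the standalone assignment and write the last clause of the condition as `(len = state->head->extra_len - state->length) < state->head->extra_max) {`. The enclosing function begins and ends outside this hunk, so whether `len` is used after the `if` without being set should be confirmed against the full file.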