File CVE-2022-37434-extra-header-2.patch of Package zlib.26517

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2022-37434-extra-header-2.patch of Package zlib.26517

From 1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d Mon Sep 17 00:00:00 2001
From: Mark Adler <fork@madler.net>
Date: Mon, 8 Aug 2022 10:50:09 -0700
Subject: [PATCH 2/2] Fix extra field processing bug that dereferences NULL
 state->head.

The recent commit to fix a gzip header extra field processing bug
introduced the new bug fixed here.
---
 inflate.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/inflate.c b/inflate.c
index 7a72897..2a3c4fe 100644
--- a/inflate.c
+++ b/inflate.c
@@ -763,10 +763,10 @@ int flush;
                 copy = state->length;
                 if (copy > have) copy = have;
                 if (copy) {
-                    len = state->head->extra_len - state->length;
                     if (state->head != Z_NULL &&
                         state->head->extra != Z_NULL &&
-                        len < state->head->extra_max) {
+                        (len = state->head->extra_len - state->length) <
+                            state->head->extra_max) {
                         zmemcpy(state->head->extra + len, next,
                                 len + copy > state->head->extra_max ?
                                 state->head->extra_max - len : copy);
-- 
2.37.1

Places

File CVE-2022-37434-extra-header-2.patch of Package zlib.26517

Places