package/libs/zlib/patches/007-fix-null-dereference-in-fix-CVE-2022-37434.patch

   1 From 1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d Mon Sep 17 00:00:00 2001
   2 From: Mark Adler <fork@madler.net>
   3 Date: Mon, 8 Aug 2022 10:50:09 -0700
   4 Subject: [PATCH] Fix extra field processing bug that dereferences NULL
   5  state->head.
   6
   7 The recent commit to fix a gzip header extra field processing bug
   8 introduced the new bug fixed here.
   9 ---
  10  inflate.c | 4 ++--
  11  1 file changed, 2 insertions(+), 2 deletions(-)
  12
  13 diff --git a/inflate.c b/inflate.c
  14 index 7a7289749..2a3c4fe98 100644
  15 --- a/inflate.c
  16 +++ b/inflate.c
  17 @@ -763,10 +763,10 @@ int flush;
  18                  copy = state->length;
  19                  if (copy > have) copy = have;
  20                  if (copy) {
  21 -                    len = state->head->extra_len - state->length;
  22                      if (state->head != Z_NULL &&
  23                          state->head->extra != Z_NULL &&
  24 -                        len < state->head->extra_max) {
  25 +                        (len = state->head->extra_len - state->length) <
  26 +                            state->head->extra_max) {
  27                          zmemcpy(state->head->extra + len, next,
  28                                  len + copy > state->head->extra_max ?
  29                                  state->head->extra_max - len : copy);