!46 【3.1-Release】【安全扫描】【必现】组件zlib扫描发现新增漏洞CVE-2022-37434

Merge pull request !46 from 喻腾傲/OpenHarmony-3.1-Release

!46 【3.1-Release】【安全扫描】【必现】组件zlib扫描发现新增漏洞CVE-2022-37434
Merge pull request !46 from 喻腾傲/OpenHarmony-3.1-Release
0f847b04 · openharmony_ci · Gitee · ae017ea8 · 27c08ab0 · 0f847b04
隐藏空白更改
内联并排

Showing with 3 addition and 2 deletion

inflate.c inflate.c +3 -2

未找到文件。
--- a/inflate.c
+++ b/inflate.c
@@ -759,8 +759,9 @@ int flush;
                if (copy > have) copy = have;
                if (copy) {
                    if (state->head != Z_NULL &&
-                        state->head->extra != Z_NULL) {
+                        state->head->extra != Z_NULL &&
-                        len = state->head->extra_len - state->length;
+                        (len = state->head->extra_len - state->length) <
+                            state->head->extra_max) {
                        zmemcpy(state->head->extra + len, next,
                                len + copy > state->head->extra_max ?
                                state->head->extra_max - len : copy);