!44 【LTS3.0】【安全扫描】【必现】组件zlib扫描发现新增漏洞CVE-2022-37434

Merge pull request !44 from 喻腾傲/OpenHarmony-3.0-LTS

!44 【LTS3.0】【安全扫描】【必现】组件zlib扫描发现新增漏洞CVE-2022-37434
Merge pull request !44 from 喻腾傲/OpenHarmony-3.0-LTS
baa3fd40 · openharmony_ci · Gitee · 10fbcc8c · 62b3fbcf · baa3fd40
隐藏空白更改
内联并排

Showing with 3 addition and 2 deletion

inflate.c inflate.c +3 -2

未找到文件。
--- a/inflate.c
+++ b/inflate.c
@@ -759,8 +759,9 @@ int flush;
                if (copy > have) copy = have;
                if (copy) {
                    if (state->head != Z_NULL &&
-                        state->head->extra != Z_NULL) {
-                        len = state->head->extra_len - state->length;
+                        state->head->extra != Z_NULL &&
+                        (len = state->head->extra_len - state->length) <
+                            state->head->extra_max) {
                        zmemcpy(state->head->extra + len, next,
                                len + copy > state->head->extra_max ?
                                state->head->extra_max - len : copy);