From a16f5c7b7c5353cda8c8235d9a6765c7fe3c1231 Mon Sep 17 00:00:00 2001
From: starlet-dx <15929766099@163.com>
Date: Tue, 16 May 2023 15:15:10 +0800
Subject: [PATCH 1/1] Fix a bug when getting a gzip header extra field with
 inflate().

If the extra field was larger than the space the user provided with
inflateGetHeader(), and if multiple calls of inflate() delivered
the extra header data, then there could be a buffer overflow of the
provided space. This commit assures that provided space is not
exceeded.
---
 extra/zlib/zlib-1.2.12/inflate.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/extra/zlib/zlib-1.2.12/inflate.c b/extra/zlib/zlib-1.2.12/inflate.c
index 7be8c636..7a728974 100644
--- a/extra/zlib/zlib-1.2.12/inflate.c
+++ b/extra/zlib/zlib-1.2.12/inflate.c
@@ -763,9 +763,10 @@ int flush;
                 copy = state->length;
                 if (copy > have) copy = have;
                 if (copy) {
+                    len = state->head->extra_len - state->length;
                     if (state->head != Z_NULL &&
-                        state->head->extra != Z_NULL) {
-                        len = state->head->extra_len - state->length;
+                        state->head->extra != Z_NULL &&
+                        len < state->head->extra_max) {
                         zmemcpy(state->head->extra + len, next,
                                 len + copy > state->head->extra_max ?
                                 state->head->extra_max - len : copy);
-- 
2.30.0