From: Hans Kristian Rosbach Date: Mon, 25 Sep 2023 13:23:41 +0000 (+0200) Subject: Make sure inflateCopy() allocates window with the necessary buffer for chunked operat... X-Git-Tag: 2.1.4~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=61e181c8ae93dbf56040336179c9954078bd1399;p=thirdparty%2Fzlib-ng.git Make sure inflateCopy() allocates window with the necessary buffer for chunked operations. Based on Chromium bugfix https://chromium-review.googlesource.com/c/chromium/src/+/4876445
---
diff --git a/inflate.c b/inflate.c
index 0cbed041d..a01e10f7a 100644
--- a/inflate.c
+++ b/inflate.c
@@ -1319,8 +1319,6 @@ int32_t Z_EXPORT PREFIX(inflateSyncPoint)(PREFIX3(stream) *strm) {
 int32_t Z_EXPORT PREFIX(inflateCopy)(PREFIX3(stream) *dest, PREFIX3(stream) *source) {
 struct inflate_state *state;
 struct inflate_state *copy;
- unsigned char *window;
- unsigned wsize;
 
 /* check input */
 if (inflateStateCheck(source) || dest == NULL)
@@ -1331,15 +1329,6 @@ int32_t Z_EXPORT PREFIX(inflateCopy)(PREFIX3(stream) *dest, PREFIX3(stream) *sou
 copy = ZALLOC_INFLATE_STATE(source);
 if (copy == NULL)
 return Z_MEM_ERROR;
- window = NULL;
- if (state->window != NULL) {
- wsize = 1U << state->wbits;
- window = (unsigned char *)ZALLOC_WINDOW(source, wsize, sizeof(unsigned char));
- if (window == NULL) {
- ZFREE_STATE(source, copy);
- return Z_MEM_ERROR;
- }
- }
 
 /* copy state */
 memcpy((void *)dest, (void *)source, sizeof(PREFIX3(stream)));
@@ -1350,10 +1339,17 @@ int32_t Z_EXPORT PREFIX(inflateCopy)(PREFIX3(stream) *dest, PREFIX3(stream) *sou
 copy->distcode = copy->codes + (state->distcode - state->codes);
 }
 copy->next = copy->codes + (state->next - state->codes);
- if (window != NULL) {
- ZCOPY_WINDOW(window, state->window, (size_t)1U << state->wbits);
+
+ /* window */
+ if (state->window != NULL) {
+ copy->window = NULL;
+ if (PREFIX(inflate_ensure_window)(copy)) {
+ ZFREE_STATE(source, copy);
+ return Z_MEM_ERROR;
+ }
+ ZCOPY_WINDOW(copy->window, state->window, (size_t)state->wsize);
 }
- copy->window = window;
+
 dest->state = (struct internal_state *)copy;
 return Z_OK;
 }
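Review bot: The new `return Z_MEM_ERROR;` inside the `/* window */` block is reached after `memcpy((void *)dest, (void *)source, sizeof(PREFIX3(stream)))` has already run (visible as context in the preceding hunk), so a failed window allocation leaves `dest` as a byte copy of `source` with `dest->state` still pointing at the source's state. The removed code allocated the window before `dest` was touched, so this failure path used to leave `dest` unmodified. Whether a later call on `dest` is rejected depends on state checks that this hunk does not show, so I would clear the alias explicitly by adding `dest->state = NULL;` before `ZFREE_STATE(source, copy);` in that branch. A one-line comment above the call, e.g. `/* inflate_ensure_window() sizes the buffer for chunked copies; do not allocate the window by hand here */`, would record why the direct `ZALLOC_WINDOW` call was dropped. The body of inflateCopy starts above this hunk.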