From: Sebastian Pop Date: Wed, 12 Dec 2018 15:35:43 +0000 (-0600) Subject: Zlib patch: prevent uninitialized use of state->check X-Git-Tag: 1.9.9-b1~586 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d3714a7bd0b5440a42d91006fc3cbe773174b368;p=thirdparty%2Fzlib-ng.git Zlib patch: prevent uninitialized use of state->check This CL fixes a security bug in zlib. It was reported upstream long ago and the testcase was shared upstream but it's yet unsolved. As a fix, state->check is set to the same value as the adler32 of an empty string. Upstream bug: madler/zlib#245 Bug: chromium:697481 https://crbug.com/697481 Reviewed-on: https://chromium-review.googlesource.com/601193 Reviewed-by: Tom Sepez Reviewed-by: Adam Langley Commit-Queue: Nicolás Peña --- diff --git a/inflate.c b/inflate.c index 469dde6e2..cb84adb6d 100644 --- a/inflate.c +++ b/inflate.c @@ -124,6 +124,7 @@ int ZEXPORT PREFIX(inflateResetKeep)(PREFIX3(stream) *strm) { if (state->wrap) /* to support ill-conceived Java test suite */ strm->adler = state->wrap & 1; state->mode = HEAD; + state->check = functable.adler32(0L, NULL, 0); state->last = 0; state->havedict = 0; state->dmax = 32768U;
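Review bot: The added line in inflateResetKeep, state->check = functable.adler32(0L, NULL, 0);, carries no comment saying why the field is seeded at reset, and it passes a NULL buffer through the function table, so it depends on every adler32 implementation reachable via functable accepting NULL with length 0. Suggest a one-line comment above it stating that this keeps state->check from being read before any header processing has assigned it, and confirming the NULL, zero-length case for each variant the table can dispatch to. Note also that the assignment is unconditional while the neighbouring strm->adler assignment is guarded by if (state->wrap); if that difference is intentional, the comment should say so. The diff touches only inflate.c: since the commit message says a testcase exists, adding it as a regression test alongside this change would keep the uninitialized read from returning unnoticed.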