From 768b5c3a5caa5b6aeff7225af7384939fbd8c56b Mon Sep 17 00:00:00 2001
From: tabudz
Date: Wed, 26 Feb 2025 19:18:48 +0800
Subject: [PATCH] Fix a bug when getting a gzip header extra field with inflate().

If the extra field was larger than the space the user provided with inflateGetHeader(), and if multiple calls of inflate() delivered the extra header data, then there could be a buffer overflow of the provided space. This commit assures that provided space is not exceeded.
---
 deps/zlib/inflate.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/deps/zlib/inflate.c b/deps/zlib/inflate.c
index ac333e8c2..d758a1cc8 100644
--- a/deps/zlib/inflate.c
+++ b/deps/zlib/inflate.c
@@ -758,9 +758,10 @@ int flush;
                 copy = state->length;
                 if (copy > have) copy = have;
                 if (copy) {
+                    len = state->head->extra_len - state->length;
                     if (state->head != Z_NULL &&
-                        state->head->extra != Z_NULL) {
-                        len = state->head->extra_len - state->length;
+                        state->head->extra != Z_NULL &&
+                        len < state->head->extra_max) {
                         zmemcpy(state->head->extra + len, next,
                                 len + copy > state->head->extra_max ?
                                 state->head->extra_max - len : copy);
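Review bot: The hoisted `len = state->head->extra_len - state->length;` dereferences `state->head` one line before the existing `state->head != Z_NULL` guard, so whenever that guard is false (presumably a stream carrying a gzip extra field when inflateGetHeader() was never called) this branch now reads through a null pointer, which the old placement inside the `if` avoided. The bound check can be kept without the early dereference by folding the assignment into the condition: drop the added assignment line and change the new third conjunct to `(len = state->head->extra_len - state->length) < state->head->extra_max) {`. Nothing else in the hunk consumes `len` before the zmemcpy inside the `if`, so the evaluation order is otherwise unchanged. The enclosing inflate() body, including the declaration of `len` and the remainder of this branch, lies outside the hunk.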