Zlib patch: prevent uninitialized use of state->check

This CL fixes a security bug in zlib. It was reported upstream long ago and the testcase was shared upstream but it's yet unsolved. As a fix, state->check is set to the same value as the adler32 of an empty string. Upstream bug: madler/zlib#245 Bug: chromium:697481 https://crbug.com/697481 Reviewed-on: https://chromium-review.googlesource.com/601193 Reviewed-by: Tom Sepez <tsepez@chromium.org> Reviewed-by: Adam Langley <agl@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
author: Sebastian Pop <s.pop@samsung.com> 2018-12-12 09:35:43 -0600
committer: Hans Kristian Rosbach <hk-github@circlestorm.org> 2018-12-13 09:08:35 +0100
commit: d3714a7bd0b5440a42d91006fc3cbe773174b368 (patch)
tree: 4c85717b74570fc3eb45c26b7a4169615606c160 /inflate.c
parent: 13619fd2b6d0d5e2c2b5d8e8c08bc97097415c11 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/inflate.c b/inflate.c
index 469dde6..cb84adb 100644
--- a/inflate.c
+++ b/inflate.c
@@ -124,6 +124,7 @@ int ZEXPORT PREFIX(inflateResetKeep)(PREFIX3(stream) *strm) {
     if (state->wrap)        /* to support ill-conceived Java test suite */
         strm->adler = state->wrap & 1;
     state->mode = HEAD;
+    state->check = functable.adler32(0L, NULL, 0);
     state->last = 0;
     state->havedict = 0;
     state->dmax = 32768U;
author	Sebastian Pop <s.pop@samsung.com>	2018-12-12 09:35:43 -0600
committer	Hans Kristian Rosbach <hk-github@circlestorm.org>	2018-12-13 09:08:35 +0100
commit	d3714a7bd0b5440a42d91006fc3cbe773174b368 (patch)
tree	4c85717b74570fc3eb45c26b7a4169615606c160 /inflate.c
parent	13619fd2b6d0d5e2c2b5d8e8c08bc97097415c11 (diff)