Revert "Merge patch series "zlib: Address CVE-2016-9841""
This series brings our zlib code more up to date. However, it drops an
important performance improvement that is required on some of our
supported platforms in order to boot Linux before the watchdog resets
the system. Furthermore, the "post increment" version of this
performance loop was not tested, so while we can fix it, it would then
require re-testing all platforms. At this point in time, we will revert
updating zlib (which has had a potential security issue since 2016) and
fix this in the v2024.10 release.
This reverts commit 4914263c9a14315390d3ccc4816cf3a94cfd156d, reversing
changes made to ef8ef5f77c9a998f76a48277a883af1645b54117.
Reported-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Tom Rini <trini@konsulko.com>
diff --git a/lib/zlib/inflate.c b/lib/zlib/inflate.c
index f7e81fc..8f767b7 100644
--- a/lib/zlib/inflate.c
+++ b/lib/zlib/inflate.c
@@ -21,7 +21,7 @@
state->head = Z_NULL;
state->wsize = 0;
state->whave = 0;
- state->wnext = 0;
+ state->write = 0;
state->hold = 0;
state->bits = 0;
state->lencode = state->distcode = state->next = state->codes;
@@ -30,11 +30,14 @@
return Z_OK;
}
-int ZEXPORT inflateInit2_(z_streamp strm, int windowBits,
+int ZEXPORT inflateInit2_(z_streamp strm, int windowBits, const char *version,
int stream_size)
{
struct inflate_state FAR *state;
+ if (version == Z_NULL || version[0] != ZLIB_VERSION[0] ||
+ stream_size != (int)(sizeof(z_stream)))
+ return Z_VERSION_ERROR;
if (strm == Z_NULL) return Z_STREAM_ERROR;
strm->msg = Z_NULL; /* in case we return an error */
if (strm->zalloc == (alloc_func)0) {
@@ -67,9 +70,9 @@
return inflateReset(strm);
}
-int ZEXPORT inflateInit_(z_streamp strm, int stream_size)
+int ZEXPORT inflateInit_(z_streamp strm, const char *version, int stream_size)
{
- return inflateInit2_(strm, DEF_WBITS, stream_size);
+ return inflateInit2_(strm, DEF_WBITS, version, stream_size);
}
local void fixedtables(struct inflate_state FAR *state)
@@ -112,7 +115,7 @@
/* if window not in use yet, initialize */
if (state->wsize == 0) {
state->wsize = 1U << state->wbits;
- state->wnext = 0;
+ state->write = 0;
state->whave = 0;
}
@@ -120,22 +123,22 @@
copy = out - strm->avail_out;
if (copy >= state->wsize) {
zmemcpy(state->window, strm->next_out - state->wsize, state->wsize);
- state->wnext = 0;
+ state->write = 0;
state->whave = state->wsize;
}
else {
- dist = state->wsize - state->wnext;
+ dist = state->wsize - state->write;
if (dist > copy) dist = copy;
- zmemcpy(state->window + state->wnext, strm->next_out - copy, dist);
+ zmemcpy(state->window + state->write, strm->next_out - copy, dist);
copy -= dist;
if (copy) {
zmemcpy(state->window, strm->next_out - copy, copy);
- state->wnext = copy;
+ state->write = copy;
state->whave = state->wsize;
}
else {
- state->wnext += dist;
- if (state->wnext == state->wsize) state->wnext = 0;
+ state->write += dist;
+ if (state->write == state->wsize) state->write = 0;
if (state->whave < state->wsize) state->whave += dist;
}
}
@@ -820,12 +823,12 @@
copy = out - left;
if (state->offset > copy) { /* copy from window */
copy = state->offset - copy;
- if (copy > state->wnext) {
- copy -= state->wnext;
+ if (copy > state->write) {
+ copy -= state->write;
from = state->window + (state->wsize - copy);
}
else
- from = state->window + (state->wnext - copy);
+ from = state->window + (state->write - copy);
if (copy > state->length) copy = state->length;
}
else { /* copy from output */