From 93409b8e64a9bc3c271ab4a7489b59a43bc0d048 Mon Sep 17 00:00:00 2001
From: DeeJayLSP
Date: Wed, 30 Nov 2022 11:16:31 -0300
Subject: zlib/minizip: Update to version 1.2.13, remove zlib from freetype
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Security update, fixes CVE-2022-37434 in zlib. Only applications exposing/using `inflateGetHeader()` seem to be affected, which is not our case, so this is not critical for Godot. Remove duplicated copy of zlib in freetype sources to force using the updated version in `thirdparty/zlib/`.
Co-authored-by: RĂ©mi Verschelde
---
 thirdparty/zlib/inflate.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
(limited to 'thirdparty/zlib/inflate.c')
diff --git a/thirdparty/zlib/inflate.c b/thirdparty/zlib/inflate.c
index 7be8c63662..8acbef44e9 100644
--- a/thirdparty/zlib/inflate.c
+++ b/thirdparty/zlib/inflate.c
@@ -168,6 +168,8 @@ int windowBits;
 /* extract wrap request from windowBits parameter */
 if (windowBits < 0) {
+ if (windowBits < -15)
+ return Z_STREAM_ERROR;
 wrap = 0;
 windowBits = -windowBits;
 }
@@ -764,8 +766,9 @@ int flush;
 if (copy > have) copy = have;
 if (copy) {
 if (state->head != Z_NULL &&
- state->head->extra != Z_NULL) {
- len = state->head->extra_len - state->length;
+ state->head->extra != Z_NULL &&
+ (len = state->head->extra_len - state->length) <
+ state->head->extra_max) {
 zmemcpy(state->head->extra + len, next,
 len + copy > state->head->extra_max ?
 state->head->extra_max - len : copy);
-- 
cgit v1.2.3