Copy only the initialized window contents in inflateCopy.

To avoid the propagation and possible disclosure of uninitialized memory contents.
author: Mark Adler <git@madler.net> 2025-12-21 18:34:14 -0800
committer: Mark Adler <git@madler.net> 2026-01-05 15:03:04 -0600
commit: 3509ab515f29002f64455d6e34e19df0c16b1707 (patch)
tree: 5b1ac9ac0ce8e64fc58b3454a721e21d966d32b5
parent: ba829a458576d1ff0f26fc7230c6de816d1f6a77 (diff)
download: zlib-3509ab515f29002f64455d6e34e19df0c16b1707.tar.gz
zlib-3509ab515f29002f64455d6e34e19df0c16b1707.tar.bz2
zlib-3509ab515f29002f64455d6e34e19df0c16b1707.zip
1 files changed, 2 insertions, 5 deletions
diff --git a/inflate.c b/inflate.c
index 0693c03..301b5e7 100644
--- a/inflate.c
+++ b/inflate.c
@@ -1446,7 +1446,6 @@ int ZEXPORT inflateCopy(z_streamp dest, z_streamp source) {
    struct inflate_state FAR *state;
    struct inflate_state FAR *copy;
    unsigned char FAR *window;
-    unsigned wsize;
    /* check input */
    if (inflateStateCheck(source) || dest == Z_NULL)
@@ -1477,10 +1476,8 @@ int ZEXPORT inflateCopy(z_streamp dest, z_streamp source) {
        copy->distcode = copy->codes + (state->distcode - state->codes);
    }
    copy->next = copy->codes + (state->next - state->codes);
-    if (window != Z_NULL) {
+    if (window != Z_NULL)
-        wsize = 1U << state->wbits;
+        zmemcpy(window, state->window, state->whave);
-        zmemcpy(window, state->window, wsize);
-    }
    copy->window = window;
    dest->state = (struct internal_state FAR *)copy;
    return Z_OK;
author	Mark Adler <git@madler.net>	2025-12-21 18:34:14 -0800
committer	Mark Adler <git@madler.net>	2026-01-05 15:03:04 -0600
commit	3509ab515f29002f64455d6e34e19df0c16b1707 (patch)
tree	5b1ac9ac0ce8e64fc58b3454a721e21d966d32b5
parent	ba829a458576d1ff0f26fc7230c6de816d1f6a77 (diff)
download	zlib-3509ab515f29002f64455d6e34e19df0c16b1707.tar.gz zlib-3509ab515f29002f64455d6e34e19df0c16b1707.tar.bz2 zlib-3509ab515f29002f64455d6e34e19df0c16b1707.zip