From 3509ab515f29002f64455d6e34e19df0c16b1707 Mon Sep 17 00:00:00 2001
From: Mark Adler
Date: Sun, 21 Dec 2025 18:34:14 -0800
Subject: Copy only the initialized window contents in inflateCopy.

To avoid the propagation and possible disclosure of uninitialized memory contents.
---
 inflate.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/inflate.c b/inflate.c
index 0693c034..301b5e71 100644
--- a/inflate.c
+++ b/inflate.c
@@ -1446,7 +1446,6 @@ int ZEXPORT inflateCopy(z_streamp dest, z_streamp source) {
 struct inflate_state FAR *state;
 struct inflate_state FAR *copy;
 unsigned char FAR *window;
- unsigned wsize;
 
 /* check input */
 if (inflateStateCheck(source) || dest == Z_NULL)
@@ -1477,10 +1476,8 @@ int ZEXPORT inflateCopy(z_streamp dest, z_streamp source) {
 copy->distcode = copy->codes + (state->distcode - state->codes);
 }
 copy->next = copy->codes + (state->next - state->codes);
- if (window != Z_NULL) {
- wsize = 1U << state->wbits;
- zmemcpy(window, state->window, wsize);
- }
+ if (window != Z_NULL)
+ zmemcpy(window, state->window, state->whave);
 copy->window = window;
 dest->state = (struct internal_state FAR *)copy;
 return Z_OK;
-- cgit v1.2.3-55-g6feb
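Review bot: The copy length in the second hunk is now `state->whave`, which is no longer tied to the size of the destination `window`; that buffer is allocated outside this hunk, presumably still as `1U << state->wbits` bytes, as the removed `wsize` line suggests. The copy is therefore correct only if `whave` never exceeds that size and the valid history always occupies the first `whave` bytes of the window. Neither invariant is visible here, and the input check shown in the first hunk does not obviously validate `whave`. I would record the assumption next to the copy, e.g. `/* valid history is window[0..whave-1], and whave <= 1U << wbits */`, so that a later change to window management cannot silently turn this into an out-of-bounds copy or a truncated history. The body of inflateCopy starts and ends outside both hunks.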