Skip to content

Commit 1218dbb

Browse files
nodejs-github-botmarco-ippolito
nodejs-github-bot
authored and
marco-ippolito
committed
deps: update zlib to 1.3.0.1-motley-780819f
PR-URL: #57768 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
1 parent 0e3cd9e commit 1218dbb

File tree

4 files changed

+58
-9
lines changed

4 files changed

+58
-9
lines changed

deps/zlib/BUILD.gn

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -70,7 +70,7 @@ source_set("zlib_common_headers") {
7070
use_arm_neon_optimizations = false
7171
if ((current_cpu == "arm" || current_cpu == "arm64") &&
7272
!(is_win && !is_clang)) {
73-
# TODO(richard.townsend@arm.com): Optimizations temporarily disabled for
73+
# TODO(ritownsend@google.com): Optimizations temporarily disabled for
7474
# Windows on Arm MSVC builds, see http://crbug.com/v8/10012.
7575
if (arm_use_neon) {
7676
use_arm_neon_optimizations = true

deps/zlib/deflate.c

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -485,14 +485,7 @@ int ZEXPORT deflateInit2_(z_streamp strm, int level, int method,
485485
s->window = (Bytef *) ZALLOC(strm,
486486
s->w_size + WINDOW_PADDING,
487487
2*sizeof(Byte));
488-
/* Avoid use of unitialized values in the window, see crbug.com/1137613 and
489-
* crbug.com/1144420 */
490-
zmemzero(s->window, (s->w_size + WINDOW_PADDING) * (2 * sizeof(Byte)));
491488
s->prev = (Posf *) ZALLOC(strm, s->w_size, sizeof(Pos));
492-
/* Avoid use of uninitialized value, see:
493-
* https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11360
494-
*/
495-
zmemzero(s->prev, s->w_size * sizeof(Pos));
496489
s->head = (Posf *) ZALLOC(strm, s->hash_size, sizeof(Pos));
497490

498491
s->high_water = 0; /* nothing written to s->window yet */
@@ -551,6 +544,13 @@ int ZEXPORT deflateInit2_(z_streamp strm, int level, int method,
551544
deflateEnd (strm);
552545
return Z_MEM_ERROR;
553546
}
547+
/* Avoid use of unitialized values in the window, see crbug.com/1137613 and
548+
* crbug.com/1144420 */
549+
zmemzero(s->window, (s->w_size + WINDOW_PADDING) * (2 * sizeof(Byte)));
550+
/* Avoid use of uninitialized value, see:
551+
* https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11360
552+
*/
553+
zmemzero(s->prev, s->w_size * sizeof(Pos));
554554
#ifdef LIT_MEM
555555
s->d_buf = (ushf *)(s->pending_buf + (s->lit_bufsize << 1));
556556
s->l_buf = s->pending_buf + (s->lit_bufsize << 2);

deps/zlib/patches/0017-deflate-move-zmemzero-after-null-check.patch

Lines changed: 49 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,49 @@
1+
From 93f86001b67609106c658fe0908a9b7931245b8a Mon Sep 17 00:00:00 2001
2+
From: pedro martelletto <martelletto@google.com>
3+
Date: Thu, 3 Apr 2025 16:46:42 +0000
4+
Subject: [PATCH] [zlib] Deflate: move zmemzero after NULL check
5+
6+
ZALLOC() might fail, in which case dereferencing the returned pointer
7+
results in undefined behaviour. N.B. These conditions are not reachable
8+
from Chromium, as Chromium will abort rather than return nullptr from
9+
malloc. Found by libfido2's fuzz harness.
10+
---
11+
third_party/zlib/deflate.c | 14 +++++++-------
12+
1 file changed, 7 insertions(+), 7 deletions(-)
13+
14+
diff --git a/third_party/zlib/deflate.c b/third_party/zlib/deflate.c
15+
index 8a5281c2b6cd8..49496bb3b0561 100644
16+
--- a/third_party/zlib/deflate.c
17+
+++ b/third_party/zlib/deflate.c
18+
@@ -485,14 +485,7 @@ int ZEXPORT deflateInit2_(z_streamp strm, int level, int method,
19+
s->window = (Bytef *) ZALLOC(strm,
20+
s->w_size + WINDOW_PADDING,
21+
2*sizeof(Byte));
22+
- /* Avoid use of unitialized values in the window, see crbug.com/1137613 and
23+
- * crbug.com/1144420 */
24+
- zmemzero(s->window, (s->w_size + WINDOW_PADDING) * (2 * sizeof(Byte)));
25+
s->prev = (Posf *) ZALLOC(strm, s->w_size, sizeof(Pos));
26+
- /* Avoid use of uninitialized value, see:
27+
- * https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11360
28+
- */
29+
- zmemzero(s->prev, s->w_size * sizeof(Pos));
30+
s->head = (Posf *) ZALLOC(strm, s->hash_size, sizeof(Pos));
31+
32+
s->high_water = 0; /* nothing written to s->window yet */
33+
@@ -551,6 +544,13 @@ int ZEXPORT deflateInit2_(z_streamp strm, int level, int method,
34+
deflateEnd (strm);
35+
return Z_MEM_ERROR;
36+
}
37+
+ /* Avoid use of unitialized values in the window, see crbug.com/1137613 and
38+
+ * crbug.com/1144420 */
39+
+ zmemzero(s->window, (s->w_size + WINDOW_PADDING) * (2 * sizeof(Byte)));
40+
+ /* Avoid use of uninitialized value, see:
41+
+ * https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11360
42+
+ */
43+
+ zmemzero(s->prev, s->w_size * sizeof(Pos));
44+
#ifdef LIT_MEM
45+
s->d_buf = (ushf *)(s->pending_buf + (s->lit_bufsize << 1));
46+
s->l_buf = s->pending_buf + (s->lit_bufsize << 2);
47+
--
48+
2.49.0.504.g3bcea36a83-goog
49+

src/zlib_version.h

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,5 +2,5 @@
22
// Refer to tools/dep_updaters/update-zlib.sh
33
#ifndef SRC_ZLIB_VERSION_H_
44
#define SRC_ZLIB_VERSION_H_
5-
#define ZLIB_VERSION "1.3.0.1-motley-788cb3c"
5+
#define ZLIB_VERSION "1.3.0.1-motley-780819f"
66
#endif // SRC_ZLIB_VERSION_H_

0 commit comments

Comments
 (0)