From 420d0d50bcdc47c793157c2f1e143136eafa6500 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9mi=20Verschelde?= Date: Thu, 31 Mar 2022 14:14:05 +0200 Subject: zlib/minizip: Update to version 1.2.12 Security update, fixes CVE-2018-25032 in zlib. Preliminary assessment doesn't show Godot as affected since we don't seem to call `deflate` with the problematic parameters, but the extent of the vulnerability is not fully clear upstream yet. --- thirdparty/zlib/gzlib.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'thirdparty/zlib/gzlib.c') diff --git a/thirdparty/zlib/gzlib.c b/thirdparty/zlib/gzlib.c index 4105e6aff9..dddaf26873 100644 --- a/thirdparty/zlib/gzlib.c +++ b/thirdparty/zlib/gzlib.c @@ -1,11 +1,11 @@ /* gzlib.c -- zlib functions common to reading and writing gzip files - * Copyright (C) 2004-2017 Mark Adler + * Copyright (C) 2004-2019 Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ #include "gzguts.h" -#if defined(_WIN32) && !defined(__BORLANDC__) && !defined(__MINGW32__) +#if defined(_WIN32) && !defined(__BORLANDC__) # define LSEEK _lseeki64 #else #if defined(_LARGEFILE64_SOURCE) && _LFS64_LARGEFILE-0 @@ -81,6 +81,8 @@ local void gz_reset(state) state->past = 0; /* have not read past end yet */ state->how = LOOK; /* look for gzip header */ } + else /* for writing ... */ + state->reset = 0; /* no deflateReset pending */ state->seek = 0; /* no seek request pending */ gz_error(state, Z_OK, NULL); /* clear error */ state->x.pos = 0; /* no uncompressed data yet */ @@ -397,7 +399,7 @@ z_off64_t ZEXPORT gzseek64(file, offset, whence) /* if within raw area while reading, just go there */ if (state->mode == GZ_READ && state->how == COPY && state->x.pos + offset >= 0) { - ret = LSEEK(state->fd, offset - state->x.have, SEEK_CUR); + ret = LSEEK(state->fd, offset - (z_off64_t)state->x.have, SEEK_CUR); if (ret == -1) return -1; state->x.have = 0; -- cgit v1.2.3