deps: update zlib to 1.3.0.1-motley-780819f

PR-URL: https://github.com/nodejs/node/pull/57768
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Node.js GitHub Bot 2025-04-18 09:22:02 -04:00 committed by GitHub
parent 6cdcaa9653
commit 52d95f53e4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 58 additions and 9 deletions

2
deps/zlib/BUILD.gn vendored

@ -70,7 +70,7 @@ source_set("zlib_common_headers") {
use_arm_neon_optimizations = false
if ((current_cpu == "arm" || current_cpu == "arm64") &&
!(is_win && !is_clang)) {
# TODO(richard.townsend@arm.com): Optimizations temporarily disabled for
# TODO(ritownsend@google.com): Optimizations temporarily disabled for
# Windows on Arm MSVC builds, see http://crbug.com/v8/10012.
if (arm_use_neon) {
use_arm_neon_optimizations = true

14
deps/zlib/deflate.c vendored

@ -485,14 +485,7 @@ int ZEXPORT deflateInit2_(z_streamp strm, int level, int method,
s->window = (Bytef *) ZALLOC(strm,
s->w_size + WINDOW_PADDING,
2*sizeof(Byte));
/* Avoid use of unitialized values in the window, see crbug.com/1137613 and
* crbug.com/1144420 */
zmemzero(s->window, (s->w_size + WINDOW_PADDING) * (2 * sizeof(Byte)));
s->prev = (Posf *) ZALLOC(strm, s->w_size, sizeof(Pos));
/* Avoid use of uninitialized value, see:
* https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11360
*/
zmemzero(s->prev, s->w_size * sizeof(Pos));
s->head = (Posf *) ZALLOC(strm, s->hash_size, sizeof(Pos));
s->high_water = 0; /* nothing written to s->window yet */
@ -551,6 +544,13 @@ int ZEXPORT deflateInit2_(z_streamp strm, int level, int method,
deflateEnd (strm);
return Z_MEM_ERROR;
}
/* Avoid use of unitialized values in the window, see crbug.com/1137613 and
* crbug.com/1144420 */
zmemzero(s->window, (s->w_size + WINDOW_PADDING) * (2 * sizeof(Byte)));
/* Avoid use of uninitialized value, see:
* https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11360
*/
zmemzero(s->prev, s->w_size * sizeof(Pos));
#ifdef LIT_MEM
s->d_buf = (ushf *)(s->pending_buf + (s->lit_bufsize << 1));
s->l_buf = s->pending_buf + (s->lit_bufsize << 2);


@ -0,0 +1,49 @@
From 93f86001b67609106c658fe0908a9b7931245b8a Mon Sep 17 00:00:00 2001
From: pedro martelletto <martelletto@google.com>
Date: Thu, 3 Apr 2025 16:46:42 +0000
Subject: [PATCH] [zlib] Deflate: move zmemzero after NULL check
ZALLOC() might fail, in which case dereferencing the returned pointer
results in undefined behaviour. N.B. These conditions are not reachable
from Chromium, as Chromium will abort rather than return nullptr from
malloc. Found by libfido2's fuzz harness.
---
third_party/zlib/deflate.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/third_party/zlib/deflate.c b/third_party/zlib/deflate.c
index 8a5281c2b6cd8..49496bb3b0561 100644
--- a/third_party/zlib/deflate.c
+++ b/third_party/zlib/deflate.c
@@ -485,14 +485,7 @@ int ZEXPORT deflateInit2_(z_streamp strm, int level, int method,
s->window = (Bytef *) ZALLOC(strm,
s->w_size + WINDOW_PADDING,
2*sizeof(Byte));
- /* Avoid use of unitialized values in the window, see crbug.com/1137613 and
- * crbug.com/1144420 */
- zmemzero(s->window, (s->w_size + WINDOW_PADDING) * (2 * sizeof(Byte)));
s->prev = (Posf *) ZALLOC(strm, s->w_size, sizeof(Pos));
- /* Avoid use of uninitialized value, see:
- * https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11360
- */
- zmemzero(s->prev, s->w_size * sizeof(Pos));
s->head = (Posf *) ZALLOC(strm, s->hash_size, sizeof(Pos));
s->high_water = 0; /* nothing written to s->window yet */
@@ -551,6 +544,13 @@ int ZEXPORT deflateInit2_(z_streamp strm, int level, int method,
deflateEnd (strm);
return Z_MEM_ERROR;
}
+ /* Avoid use of unitialized values in the window, see crbug.com/1137613 and
+ * crbug.com/1144420 */
+ zmemzero(s->window, (s->w_size + WINDOW_PADDING) * (2 * sizeof(Byte)));
+ /* Avoid use of uninitialized value, see:
+ * https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11360
+ */
+ zmemzero(s->prev, s->w_size * sizeof(Pos));
#ifdef LIT_MEM
s->d_buf = (ushf *)(s->pending_buf + (s->lit_bufsize << 1));
s->l_buf = s->pending_buf + (s->lit_bufsize << 2);
--
2.49.0.504.g3bcea36a83-goog


@ -2,5 +2,5 @@
// Refer to tools/dep_updaters/update-zlib.sh
#ifndef SRC_ZLIB_VERSION_H_
#define SRC_ZLIB_VERSION_H_
#define ZLIB_VERSION "1.3.0.1-motley-788cb3c"
#define ZLIB_VERSION "1.3.0.1-motley-780819f"
#endif // SRC_ZLIB_VERSION_H_