3rdparty(zlib): prevent uninitialized use of state->check
authorAlexander Alekhin <alexander.a.alekhin@gmail.com>
Sat, 30 Mar 2019 18:19:41 +0000 (18:19 +0000)
committerAlexander Alekhin <alexander.a.alekhin@gmail.com>
Sat, 30 Mar 2019 18:46:10 +0000 (18:46 +0000)
oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13317
PR: https://github.com/opencv/opencv/pull/14193
zlib upstream bug: madler/zlib#245
Ported fix: https://chromium.googlesource.com/chromium/src/+/ee376c65abdd5afe787bfb63af9f2e82fdc35c2e

3rdparty/zlib/inflate.c
3rdparty/zlib/patches/20190330-ununitialized-use-state-check.diff [new file with mode: 0644]

index ac333e8..19a2cf2 100644 (file)
@@ -228,6 +228,7 @@ int stream_size;
     state->strm = strm;
     state->window = Z_NULL;
     state->mode = HEAD;     /* to pass state test in inflateReset2() */
+    state->check = 1L;      /* 1L is the result of adler32() zero length data */
     ret = inflateReset2(strm, windowBits);
     if (ret != Z_OK) {
         ZFREE(strm, state);
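Review bot: The added `state->check = 1L;` runs only in the allocating initializer (the hunk header shows just its K&R parameter line `int stream_size;`, presumably inflateInit2_), i.e. once per allocated state, while the other per-stream fields are reset through the inflateReset2() call on the next line; if inflateResetKeep() (outside this hunk) does not also set `check`, a z_stream reused via inflateReset2() with different windowBits keeps the previous stream's check value rather than the value the new comment promises. That is no longer an uninitialized read, which is what the commit fixes, but the comment's claim holds only for the first use of a stream unless the reset path is covered too — please confirm against inflateResetKeep(). A style point: `state->check = adler32(0L, Z_NULL, 0);` expresses the same thing without a magic literal and an explanatory comment, assuming adler32() is in scope in this translation unit as it is elsewhere in inflate.c. Note also that 1 is the Adler-32 seed only; the CRC-32 seed used for gzip streams is 0, so this placeholder is meaningful just until a header is parsed and `check` is presumably re-seeded there. The enclosing function starts and ends outside the hunk.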
diff --git a/3rdparty/zlib/patches/20190330-ununitialized-use-state-check.diff b/3rdparty/zlib/patches/20190330-ununitialized-use-state-check.diff
new file mode 100644 (file)
index 0000000..6ecbde2
--- /dev/null
@@ -0,0 +1,12 @@
+diff --git a/3rdparty/zlib/inflate.c b/3rdparty/zlib/inflate.c
+index ac333e8c2e..19a2cf2ed8 100644
+--- a/3rdparty/zlib/inflate.c
++++ b/3rdparty/zlib/inflate.c
+@@ -228,6 +228,7 @@ int stream_size;
+     state->strm = strm;
+     state->window = Z_NULL;
+     state->mode = HEAD;     /* to pass state test in inflateReset2() */
++    state->check = 1L;      /* 1L is the result of adler32() zero length data */
+     ret = inflateReset2(strm, windowBits);
+     if (ret != Z_OK) {
+         ZFREE(strm, state);