D issues are now tracked on GitHub. This Bugzilla instance remains as a read-only archive.
Issue 23288 - zlib: Fix potential buffer overflow
Summary: zlib: Fix potential buffer overflow
Status: RESOLVED FIXED
Alias: None
Product: D
Classification: Unclassified
Component: phobos
Version: D2
Hardware: All All
Importance: P1 normal
Assignee: No Owner
Reported: 2022-08-08 19:10 UTC by Brian Callahan
Modified: 2022-08-10 12:22 UTC

Description Brian Callahan 2022-08-08 19:10:21 UTC
Hello --

There is a potential buffer overflow in Phobos's built-in zlib.

The fix is here:
https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1

However, that fix broke curl, which prompted a further fix:
https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d

I have a combined diff prepared.

Comment 1 Dlang Bot 2022-08-10 12:22:08 UTC
dlang/phobos pull request #8528 "Fix Issue 23288 - zlib: Fix potential buffer overflow" was merged into master:

- 720f2183eb96e9477f713f08ac67b1c26b12f942 by Brian Callahan:
  Fix Issue 23288 - zlib: Fix potential buffer overflow

https://github.com/dlang/phobos/pull/8528