From 7d003affb74349dfb6839f3ac3b067ad67040c4f Mon Sep 17 00:00:00 2001 From: z30034863 Date: Thu, 26 Feb 2026 14:41:43 +0800 Subject: [PATCH] fix cve-2026-27171 Signed-off-by: z30034863 --- crc32.c | 4 ++++ zlib.h | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/crc32.c b/crc32.c index 05a0d81..027b033 100644 --- a/crc32.c +++ b/crc32.c @@ -1030,6 +1030,8 @@ unsigned long ZEXPORT crc32(unsigned long crc, const unsigned char FAR *buf, /* ========================================================================= */ uLong ZEXPORT crc32_combine64(uLong crc1, uLong crc2, z_off64_t len2) { + if (len2 < 0) + return 0; #ifdef DYNAMIC_CRC_TABLE once(&made, make_crc_table); #endif /* DYNAMIC_CRC_TABLE */ @@ -1043,6 +1045,8 @@ uLong ZEXPORT crc32_combine(uLong crc1, uLong crc2, z_off_t len2) { /* ========================================================================= */ uLong ZEXPORT crc32_combine_gen64(z_off64_t len2) { + if (len2 < 0) + return 0; #ifdef DYNAMIC_CRC_TABLE once(&made, make_crc_table); #endif /* DYNAMIC_CRC_TABLE */ diff --git a/zlib.h b/zlib.h index 8d4b932..8c7f8ac 100644 --- a/zlib.h +++ b/zlib.h @@ -1758,14 +1758,14 @@ ZEXTERN uLong ZEXPORT crc32_combine(uLong crc1, uLong crc2, z_off_t len2); seq1 and seq2 with lengths len1 and len2, CRC-32 check values were calculated for each, crc1 and crc2. crc32_combine() returns the CRC-32 check value of seq1 and seq2 concatenated, requiring only crc1, crc2, and - len2. len2 must be non-negative. + len2. len2 must be non-negative, otherwise zero is returned. */ /* ZEXTERN uLong ZEXPORT crc32_combine_gen(z_off_t len2); Return the operator corresponding to length len2, to be used with - crc32_combine_op(). len2 must be non-negative. + crc32_combine_op(). len2 must be non-negative, otherwise zero is returned. */ ZEXTERN uLong ZEXPORT crc32_combine_op(uLong crc1, uLong crc2, uLong op);