File CVE-2026-27171.patch of Package zlib.42836
From ba829a458576d1ff0f26fc7230c6de816d1f6a77 Mon Sep 17 00:00:00 2001
From: Mark Adler <git@madler.net>
Date: Sun, 21 Dec 2025 18:17:56 -0800
Subject: [PATCH] Check for negative lengths in crc32_combine functions.
Though zlib.h says that len2 must be non-negative, this avoids the
possibility of an accidental infinite loop.
---
crc32.c | 4 ++++
zlib.h | 4 ++--
2 files changed, 6 insertions(+), 2 deletions(-)
Index: b/crc32.c
===================================================================
--- a/crc32.c
+++ b/crc32.c
@@ -1100,6 +1100,8 @@ uLong ZEXPORT crc32_combine64(crc1, crc2
uLong crc2;
z_off64_t len2;
{
+ if (len2 < 0)
+ return 0;
#ifdef DYNAMIC_CRC_TABLE
once(&made, make_crc_table);
#endif /* DYNAMIC_CRC_TABLE */
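Review bot: The `return 0;` added at the top of crc32_combine64() is an in-band value: 0 is also a legitimate CRC-32 (it is the check value of an empty sequence), so a caller cannot tell a rejected negative len2 from a real result and may go on to store or compare a wrong check value. Callers that derive len2 from file sizes, offsets or other external input should still range-check it before the call and handle a negative value as an error on their side. I would state this at the guard, e.g. `/* contract violation: 0 is returned only to guarantee termination, it is not an error code */`, and carry the same caveat into the "otherwise zero is returned" wording this patch adds to zlib.h. The function body continues outside the hunk.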
@@ -1119,6 +1121,8 @@ uLong ZEXPORT crc32_combine(crc1, crc2,
uLong ZEXPORT crc32_combine_gen64(len2)
z_off64_t len2;
{
+ if (len2 < 0)
+ return 0;
#ifdef DYNAMIC_CRC_TABLE
once(&made, make_crc_table);
#endif /* DYNAMIC_CRC_TABLE */
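Review bot: In crc32_combine_gen64() the zero returned for a negative len2 is handed back as an operator, and zlib.h describes that return value as the input to crc32_combine_op(), which this patch does not touch. Whether crc32_combine_op() terminates and returns something sensible for `op == 0` cannot be seen from this hunk; it should be confirmed, because otherwise the guard may only move the non-termination described in the commit message to the next call. If zero is not a valid operator, say so at the guard, e.g. `/* 0 is never a valid operator; callers must not pass it to crc32_combine_op() */`, or have crc32_combine_op() reject it explicitly. The function body continues outside the hunk.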
Index: b/zlib.h
===================================================================
--- a/zlib.h
+++ b/zlib.h
@@ -1759,14 +1759,14 @@ ZEXTERN uLong ZEXPORT crc32_combine OF((
seq1 and seq2 with lengths len1 and len2, CRC-32 check values were
calculated for each, crc1 and crc2. crc32_combine() returns the CRC-32
check value of seq1 and seq2 concatenated, requiring only crc1, crc2, and
- len2.
+ len2. len2 must be non-negative, otherwise zero is returned.
*/
/*
ZEXTERN uLong ZEXPORT crc32_combine_gen OF((z_off_t len2));
Return the operator corresponding to length len2, to be used with
- crc32_combine_op().
+ crc32_combine_op(). len2 must be non-negative, otherwise zero is returned.
*/
ZEXTERN uLong ZEXPORT crc32_combine_op OF((uLong crc1, uLong crc2, uLong op));