File CVE-2025-1744.patch of Package radare2

From e64c606b1342a4c0ab2c35ef5146b69667dcd43a Mon Sep 17 00:00:00 2001
From: tabudz <tanb74653@gmail.com>
Date: Tue, 18 Feb 2025 11:28:15 +0800
Subject: [PATCH] Fix a bug when getting a gzip header extra field with
 inflate(). If the extra field was larger than the space the user provided
 with inflateGetHeader(), and if multiple calls of inflate() delivered the
 extra header data, then there could be a buffer overflow of the provided
 space. This commit assures that provided space is not exceeded.

---
 shlr/zip/zlib/inflate.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/shlr/zip/zlib/inflate.c b/shlr/zip/zlib/inflate.c
index e9ed74cff3279..2ecfb4876d155 100644
--- a/shlr/zip/zlib/inflate.c
+++ b/shlr/zip/zlib/inflate.c
@@ -755,9 +755,10 @@ int ZEXPORT inflate(z_streamp strm, int flush)
                 copy = state->length;
                 if (copy > have) copy = have;
                 if (copy) {
+                    len = state->head->extra_len - state->length;
                     if (state->head != Z_NULL &&
-                        state->head->extra != Z_NULL) {
-                        len = state->head->extra_len - state->length;
+                        state->head->extra != Z_NULL &&
+                        len < state->head->extra_max) {
                         zmemcpy(state->head->extra + len, next,
                                 len + copy > state->head->extra_max ?
                                 state->head->extra_max - len : copy);
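
Review bot: The added `len = state->head->extra_len - state->length;` at the top of the `if (copy)` block dereferences `state->head` before the `state->head != Z_NULL` test that follows it, so the case the condition itself guards against (no header structure set) now becomes a NULL pointer dereference. Compute `len` only after both `!= Z_NULL` tests have passed, for example by making the third operand of the condition `(len = state->head->extra_len - state->length) < state->head->extra_max`. The new `len < state->head->extra_max` bound is otherwise the right check: without it, `state->head->extra_max - len` in the zmemcpy() length goes negative once `len` exceeds `extra_max` on a later inflate() call.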