File CVE-2025-1744.patch of Package radare2

commit e64c606b1342a4c0ab2c35ef5146b69667dcd43a
Author: tabudz <tanb74653@gmail.com>
Date:   Tue Feb 18 11:28:15 2025 +0800

    Fix a bug when getting a gzip header extra field with inflate().
    If the extra field was larger than the space the user provided with
    inflateGetHeader(), and if multiple calls of inflate() delivered
    the extra header data, then there could be a buffer overflow of the
    provided space. This commit assures that provided space is not
    exceeded.

diff --git a/shlr/zip/zlib/inflate.c b/shlr/zip/zlib/inflate.c
index e9ed74cff3..2ecfb4876d 100644
--- a/shlr/zip/zlib/inflate.c
+++ b/shlr/zip/zlib/inflate.c
@@ -755,9 +755,10 @@ int ZEXPORT inflate(z_streamp strm, int flush)
                 copy = state->length;
                 if (copy > have) copy = have;
                 if (copy) {
+                    len = state->head->extra_len - state->length;
                     if (state->head != Z_NULL &&
-                        state->head->extra != Z_NULL) {
-                        len = state->head->extra_len - state->length;
+                        state->head->extra != Z_NULL &&
+                        len < state->head->extra_max) {
                         zmemcpy(state->head->extra + len, next,
                                 len + copy > state->head->extra_max ?
                                 state->head->extra_max - len : copy);