From 9916750613f2a7c7a7fc44cd44ae169c564257a7 Mon Sep 17 00:00:00 2001 From: nodejs-github-bot <18269663+nodejs-github-bot@users.noreply.github.com> Date: Sun, 6 Jul 2025 00:41:09 +0000 Subject: [PATCH] deps: update zlib to 1.3.1-3102d2a
---
 deps/zlib/README.chromium | 1 + deps/zlib/contrib/minizip/README.chromium | 1 + deps/zlib/contrib/minizip/unzip.c | 12 +++++++-- deps/zlib/contrib/tests/utils_unittest.cc | 24 ++++++++++++++++++ .../test/data/unicode_path_extra_overflow.zip | Bin 0 -> 153 bytes deps/zlib/google/test_data.filelist | 1 + ...nizip-parse-unicode-path-extra-field.patch | 24 ++++++++++++++++-- src/zlib_version.h | 2 +- 8 files changed, 60 insertions(+), 5 deletions(-) create mode 100644 deps/zlib/google/test/data/unicode_path_extra_overflow.zip
diff --git a/deps/zlib/README.chromium b/deps/zlib/README.chromium
index 1f7c7460451113..3d2722a7e6d020 100644
--- a/deps/zlib/README.chromium
+++ b/deps/zlib/README.chromium
@@ -3,6 +3,7 @@ Short Name: zlib
 URL: http://zlib.net/
 Version: 1.3.1
 Revision: 51b7f2abdade71cd9bb0e7a373ef2610ec6f9daf
+Update Mechanism: Manual
 CPEPrefix: cpe:/a:zlib:zlib:1.3.1
 Security Critical: yes
 Shipped: yes
diff --git a/deps/zlib/contrib/minizip/README.chromium b/deps/zlib/contrib/minizip/README.chromium
index ee70ec59ad1bf2..0299a7e331f9ee 100644
--- a/deps/zlib/contrib/minizip/README.chromium
+++ b/deps/zlib/contrib/minizip/README.chromium
@@ -3,6 +3,7 @@ Short Name: minizip
 URL: https://github.com/madler/zlib/tree/master/contrib/minizip
 Version: 1.3.1.1
 Revision: ef24c4c7502169f016dcd2a26923dbaf3216748c
+Update Mechanism: Manual
 License: Zlib
 License File: //third_party/zlib/LICENSE
 Shipped: yes
diff --git a/deps/zlib/contrib/minizip/unzip.c b/deps/zlib/contrib/minizip/unzip.c
index 95a945c0ac5fe9..7b04cc1df66dad 100644
--- a/deps/zlib/contrib/minizip/unzip.c
+++ b/deps/zlib/contrib/minizip/unzip.c
@@ -1012,7 +1012,15 @@ local int unz64local_GetCurrentFileInfoInternal(unzFile file, { int version = 0; - if (unz64local_getByte(&s->z_filefunc, s->filestream, &version) != UNZ_OK) + if (dataSize < 1 + 4) + { + /* dataSize includes version (1 byte), uCrc (4 bytes), and + * the filename data. If it's too small, fileNameSize below + * would overflow. */ + err = UNZ_ERRNO; + break; + } + else if (unz64local_getByte(&s->z_filefunc, s->filestream, &version) != UNZ_OK) { err = UNZ_ERRNO; } @@ -1032,7 +1040,7 @@ local int unz64local_GetCurrentFileInfoInternal(unzFile file, err = UNZ_ERRNO; } uHeaderCrc = crc32(0, (const unsigned char *)szFileName, file_info.size_filename); - fileNameSize = dataSize - (2 * sizeof (short) + 1); + fileNameSize = dataSize - (1 + 4); /* 1 for version, 4 for uCrc */ /* Check CRC against file name in the header. */ if (uHeaderCrc != uCrc) { diff --git a/deps/zlib/contrib/tests/utils_unittest.cc b/deps/zlib/contrib/tests/utils_unittest.cc index f487a06996c98b..fb4c3ed43dda7d 100644 --- a/deps/zlib/contrib/tests/utils_unittest.cc +++ b/deps/zlib/contrib/tests/utils_unittest.cc @@ -13,6 +13,7 @@ #if !defined(CMAKE_STANDALONE_UNITTESTS) #include "base/files/file_path.h" #include "base/files/scoped_temp_dir.h" +#include "base/path_service.h" #include "third_party/zlib/contrib/minizip/unzip.h" #include "third_party/zlib/contrib/minizip/zip.h" 
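Review bot: The read-failure branch right after the new guard still only sets `err = UNZ_ERRNO` and falls through, whereas the guard itself also issues `break`. With `version` still 0, control presumably continues into the version handling below the hunk although the stream has already failed. Adding `break;` after `err = UNZ_ERRNO;` in the `else if (unz64local_getByte(...) != UNZ_OK)` body would make the two error exits consistent. The guard also runs before the version byte is read, so a short field of any version now fails the entry; a one-line comment stating that this is intended would help. The enclosing loop and the rest of `unz64local_GetCurrentFileInfoInternal` are outside the hunk.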
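Review bot: The literal `1 + 4` in `fileNameSize = dataSize - (1 + 4)` duplicates the one in the guard `if (dataSize < 1 + 4)` of the previous hunk, and the subtraction cannot wrap only as long as the two stay equal. Defining it once, for example `#define UNZ_UNICODE_PATH_FIXED_SIZE (1 + 4) /* version + name CRC */`, and using it in both places would keep them from drifting apart. How `fileNameSize` is later checked against the bytes left in the extra field is not visible in this hunk and is worth confirming. The surrounding `else` block starts and ends outside the hunk.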
@@ -1287,4 +1288,27 @@ TEST(ZlibTest, ZipExtraFieldSize) { EXPECT_EQ(unzClose(uzf), UNZ_OK); } +static base::FilePath TestDataDir() { + base::FilePath path; + bool success = base::PathService::Get(base::DIR_SRC_TEST_DATA_ROOT, &path); + EXPECT_TRUE(success); + return path + .AppendASCII("third_party") + .AppendASCII("zlib") + .AppendASCII("google") + .AppendASCII("test") + .AppendASCII("data"); +} + +TEST(ZlibTest, ZipUnicodePathExtraSizeFilenameOverflow) { + // This is based on components/test/data/unzip_service/bug953599.zip (added + // in https://crrev.com/1004132), with the Unicode Path Extra Field's + // dataSize hex edited to four. + base::FilePath zip_file = TestDataDir().AppendASCII("unicode_path_extra_overflow.zip"); + unzFile uzf = unzOpen(zip_file.AsUTF8Unsafe().c_str()); + ASSERT_NE(uzf, nullptr); + EXPECT_EQ(unzGoToFirstFile(uzf), UNZ_ERRNO); + EXPECT_EQ(unzClose(uzf), UNZ_OK); +} + #endif diff --git a/deps/zlib/google/test/data/unicode_path_extra_overflow.zip b/deps/zlib/google/test/data/unicode_path_extra_overflow.zip new file mode 100644 index 0000000000000000000000000000000000000000..36d525b99b902586ef2194ebd73bae7d1a8f7970 GIT binary patch literal 153 zcmWIWW@h1HW&nZ +Date: Thu Jul 3 17:47:55 2025 +0200 + + [minizip] Fix Unicode Path Extra Field filename length overflow + + If dataSize is too small, fileNameSize would overflow. + + Bug: 428744375 + Change-Id: I714fc1e30cb1634c31cb97ce87be225518368e57 + Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6701714 + diff --git a/third_party/zlib/contrib/minizip/unzip.c b/third_party/zlib/contrib/minizip/unzip.c index c8a01b23efd42..42677cff82c96 100644 --- a/third_party/zlib/contrib/minizip/unzip.c 
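Review bot: The new test `ZipUnicodePathExtraSizeFilenameOverflow` pins only one rejected value, a `dataSize` of four, so the boundary of the `dataSize < 1 + 4` guard in unzip.c is not exercised from either side. A companion fixture with `dataSize` of five, the smallest value the guard accepts, and one with zero would catch a later off-by-one in that check. In `TestDataDir()`, `EXPECT_TRUE(success)` lets the helper continue and return a path built on an empty base when the lookup fails; a short comment such as `// On failure the later ASSERT_NE(uzf, nullptr) stops the test.` would make that reliance explicit.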
@@ -74,7 +86,15 @@ index c8a01b23efd42..42677cff82c96 100644 + { + int version = 0; + -+ if (unz64local_getByte(&s->z_filefunc, s->filestream, &version) != UNZ_OK) ++ if (dataSize < 1 + 4) ++ { ++ /* dataSize includes version (1 byte), uCrc (4 bytes), and ++ * the filename data. If it's too small, fileNameSize below ++ * would overflow. */ ++ err = UNZ_ERRNO; ++ break; ++ } ++ else if (unz64local_getByte(&s->z_filefunc, s->filestream, &version) != UNZ_OK) + { + err = UNZ_ERRNO; + } @@ -94,7 +114,7 @@ index c8a01b23efd42..42677cff82c96 100644 + err = UNZ_ERRNO; + } + uHeaderCrc = crc32(0, (const unsigned char *)szFileName, file_info.size_filename); -+ fileNameSize = dataSize - (2 * sizeof (short) + 1); ++ fileNameSize = dataSize - (1 + 4); /* 1 for version, 4 for uCrc */ + /* Check CRC against file name in the header. */ + if (uHeaderCrc != uCrc) + { diff --git a/src/zlib_version.h b/src/zlib_version.h index 67856b28ad6146..51f2d62c403513 100644 --- a/src/zlib_version.h +++ b/src/zlib_version.h @@ -2,5 +2,5 @@ // Refer to tools/dep_updaters/update-zlib.sh #ifndef SRC_ZLIB_VERSION_H_ #define SRC_ZLIB_VERSION_H_ -#define ZLIB_VERSION "1.3.1-470d3a2" +#define ZLIB_VERSION "1.3.1-3102d2a" #endif // SRC_ZLIB_VERSION_H_