deps: update zlib to 1.3.1-a1f2fe2

Author: nodejs-github-bot

deps/zlib/CMakeLists.txt

@@ -3,7 +3,7 @@ set(CMAKE_ALLOW_LOOSE_LOOP_CONSTRUCTS ON)
 
 project(zlib C)
 
-set(VERSION "1.3.0.1")
+set(VERSION "1.3.1")
 
 set(INSTALL_BIN_DIR "${CMAKE_INSTALL_PREFIX}/bin" CACHE PATH "Installation directory for executables")
 set(INSTALL_LIB_DIR "${CMAKE_INSTALL_PREFIX}/lib" CACHE PATH "Installation directory for libraries")
@@ -267,7 +267,9 @@ if(MINGW)
 endif(MINGW)
 
 add_library(zlib SHARED ${ZLIB_SRCS} ${ZLIB_DLL_SRCS} ${ZLIB_PUBLIC_HDRS} ${ZLIB_PRIVATE_HDRS})
+target_include_directories(zlib PUBLIC ${CMAKE_CURRENT_BINARY_DIR} ${CMAKE_CURRENT_SOURCE_DIR})
 add_library(zlibstatic STATIC ${ZLIB_SRCS} ${ZLIB_PUBLIC_HDRS} ${ZLIB_PRIVATE_HDRS})
+target_include_directories(zlibstatic PUBLIC ${CMAKE_CURRENT_BINARY_DIR} ${CMAKE_CURRENT_SOURCE_DIR})
 set_target_properties(zlib PROPERTIES DEFINE_SYMBOL ZLIB_DLL)
 set_target_properties(zlib PROPERTIES SOVERSION 1)
 

deps/zlib/OWNERS

@@ -1,4 +1,3 @@
-[email protected]
 [email protected]
-cblume@chromium.org
-[email protected]
+hans@chromium.org
+[email protected]  #{LAST_RESORT_SUGGESTION}

deps/zlib/README.chromium

@@ -1,9 +1,9 @@
 Name: zlib
 Short Name: zlib
 URL: http://zlib.net/
-Version: 1.3.0.1
-Revision: ac8f12c97d1afd9bafa9c710f827d40a407d3266
-CPEPrefix: cpe:/a:zlib:zlib:1.3.0.1
+Version: 1.3.1
+Revision: 51b7f2abdade71cd9bb0e7a373ef2610ec6f9daf
+CPEPrefix: cpe:/a:zlib:zlib:1.3.1
 Security Critical: yes
 Shipped: yes
 License: Zlib
@@ -21,14 +21,17 @@ also implements the zlib (RFC 1950) and gzip (RFC 1952) wrapper formats.
 Local Modifications:
  - Only source code from the zlib distribution used to build the zlib and
    minizip libraries are present. Many other files have been omitted. Only *.c
-   and *.h files from the upstream root directory and contrib/minizip were
-   imported.
+   and *.h files from the upstream root directory, contrib/minizip and
+   examples/zpipe.c were imported.
+ - The files named '*simd*' are original x86/Arm/RISC-V specific optimizations.
  - The contents of the google directory are original Chromium-specific
    additions.
+ - The contents of the 'contrib' of directory are either Chromium-specific
+   additions or heavily patched zlib files (e.g. inffast_chunk*).
  - Added chromeconf.h
  - Plus the changes in 'patches' folder.
  - Code in contrib/ other than contrib/minizip was added to match zlib's
    contributor layout.
- - In sync with 1.2.13 official release
+ - In sync with 1.3.1 official release
  - ZIP reader modified to allow for progress callbacks during extraction.
  - ZIP reader modified to add detection of AES encrypted content.

deps/zlib/contrib/minizip/README.chromium

@@ -34,3 +34,8 @@ Local Modifications:
   https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT section 4.6.9.
   (see crrev.com/1002476)
   0016-minizip-parse-unicode-path-extra-field.patch
+
+- Added support for zip64 archives that have extra bytes on front (for example,
+  large CRX files).
+  0018-support-prefixed-zip64.patch
+

deps/zlib/contrib/minizip/unzip.c

@@ -482,6 +482,46 @@ local ZPOS64_T unz64local_SearchCentralDir64(const zlib_filefunc64_32_def* pzlib
     if (uL != 1)
         return CENTRALDIRINVALID;
 
+    /* If bytes are pre-pended to the archive, relativeOffset must be advanced
+       by that many bytes. The central dir must exist between the specified
+       relativeOffset and uPosFound. */
+    if (relativeOffset > uPosFound)
+        return CENTRALDIRINVALID;
+    const int BUFSIZE = 1024 * 4;
+    buf = (unsigned char*)ALLOC(BUFSIZE);
+    if (buf==NULL)
+        return CENTRALDIRINVALID;
+    // Zip64 EOCDR is at least 48 bytes long.
+    while (uPosFound - relativeOffset >= 48) {
+        int found = 0;
+        uLong uReadSize = uPosFound - relativeOffset;
+        if (uReadSize > BUFSIZE) {
+            uReadSize = BUFSIZE;
+        }
+        if (ZSEEK64(*pzlib_filefunc_def, filestream, relativeOffset, ZLIB_FILEFUNC_SEEK_SET) != 0) {
+            break;
+        }
+        if (ZREAD64(*pzlib_filefunc_def, filestream, buf, uReadSize) != uReadSize) {
+            break;
+        }
+        for (int i = 0; i < uReadSize - 3; ++i) {
+            // Looking for 0x06064b50, the Zip64 EOCDR signature.
+            if (buf[i] == 0x50 && buf[i + 1] == 0x4b &&
+                buf[i + 2] == 0x06 && buf[i + 3] == 0x06)
+            {
+                relativeOffset += i;
+                found = 1;
+                break;
+            }
+        }
+        if (found) {
+            break;
+        }
+        // Re-read the last 3 bytes, in case they're the front of the signature.
+        relativeOffset += uReadSize - 3;
+    }
+    free(buf);
+
     /* Goto end of central directory record */
     if (ZSEEK64(*pzlib_filefunc_def,filestream, relativeOffset,ZLIB_FILEFUNC_SEEK_SET)!=0)
         return CENTRALDIRINVALID;
@@ -1005,6 +1045,8 @@ local int unz64local_GetCurrentFileInfoInternal(unzFile file,
                     {
                         uLong uSizeRead;
 
+                        file_info.size_filename = fileNameSize;
+
                         if (fileNameSize < fileNameBufferSize)
                         {
                              *(szFileName + fileNameSize) = '\0';

deps/zlib/contrib/tests/fuzzers/BUILD.gn

@@ -43,3 +43,9 @@ fuzzer_test("zlib_deflate_fuzzer") {
   sources = [ "deflate_fuzzer.cc" ]
   deps = [ "../../../:zlib" ]
 }
+
+fuzzer_test("minizip_unzip_fuzzer") {
+  sources = [ "minizip_unzip_fuzzer.cc" ]
+  deps = [ "../../../:minizip" ]
+  include_dirs = [ "//third_party/zlib/contrib/minizip" ]
+}

deps/zlib/contrib/tests/fuzzers/minizip_unzip_fuzzer.cc

@@ -0,0 +1,119 @@
+// Copyright 2025 The Chromium Authors
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <algorithm>
+#include <cstdint>
+#include <cstring>
+#include <vector>
+
+#include "unzip.h"
+
+// Fuzzer builds often have NDEBUG set, so roll our own assert macro.
+#define ASSERT(cond)                                                           \
+  do {                                                                         \
+    if (!(cond)) {                                                             \
+      fprintf(stderr, "%s:%d Assert failed: %s\n", __FILE__, __LINE__, #cond); \
+      exit(1);                                                                 \
+    }                                                                          \
+  } while (0)
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  // Mock read-only filesystem with only one file, file_data. In the calls
+  // below, 'opaque' points to file_data, and 'strm' points to the file's seek
+  // position, which is heap allocated so that failing to "close" it triggers a
+  // leak error.
+  std::vector<uint8_t> file_data(data, data + size);
+  zlib_filefunc64_def file_func = {
+      .zopen64_file = [](void* opaque, const void* filename,
+                         int mode) -> void* {
+        ASSERT(mode == (ZLIB_FILEFUNC_MODE_READ | ZLIB_FILEFUNC_MODE_EXISTING));
+        return new size_t(0);
+      },
+      .zread_file = [](void* opaque, void* strm, void* buf,
+                       uLong size) -> uLong {
+        std::vector<uint8_t>* vec = static_cast<std::vector<uint8_t>*>(opaque);
+        size_t* pos = static_cast<size_t*>(strm);
+        if (*pos >= vec->size()) {
+          return 0;
+        }
+        size = std::min(static_cast<size_t>(size), vec->size() - *pos);
+        memcpy(buf, vec->data() + *pos, size);
+        (*pos) += size;
+        return size;
+      },
+      .zwrite_file = [](void*, void*, const void*, uLong) -> uLong {
+        ASSERT(0 && "Writing is not supported.");
+        return 0;
+      },
+      .ztell64_file = [](void*, void* strm) -> ZPOS64_T {
+        return *static_cast<size_t*>(strm);
+      },
+      .zseek64_file = [](void* opaque, void* strm, ZPOS64_T offset,
+                         int origin) -> long {
+        std::vector<uint8_t>* vec = static_cast<std::vector<uint8_t>*>(opaque);
+        size_t* pos = static_cast<size_t*>(strm);
+        switch (origin) {
+          case ZLIB_FILEFUNC_SEEK_SET:
+            *pos = offset;
+            break;
+          case ZLIB_FILEFUNC_SEEK_CUR:
+            *pos = *pos + offset;
+            break;
+          case ZLIB_FILEFUNC_SEEK_END:
+            *pos = vec->size() + offset;
+            break;
+          default:
+            ASSERT(0 && "Invalid origin");
+        }
+        return 0;
+      },
+      .zclose_file = [](void*, void* strm) -> int {
+        delete static_cast<size_t*>(strm);
+        return 0;
+      },
+      .zerror_file = [](void*, void*) -> int { return 0; },
+      .opaque = &file_data};
+
+  unzFile uzf = unzOpen2_64("foo.zip", &file_func);
+  if (uzf == NULL) {
+    return 0;
+  }
+
+  while (true) {
+    unz_file_info64 info = {0};
+
+    // TODO: Pass nullptrs and different buffer sizes to cover more code.
+    char filename[UINT16_MAX + 1];  // +1 for the null terminator.
+    char extra[UINT16_MAX];         // No null terminator.
+    char comment[UINT16_MAX + 1];   // +1 for the null terminator.
+
+    if (unzGetCurrentFileInfo64(uzf, &info, filename, sizeof(filename), extra,
+                                sizeof(extra), comment, sizeof(comment)) == UNZ_OK) {
+      ASSERT(info.size_filename <= UINT16_MAX);
+      ASSERT(info.size_file_extra <= UINT16_MAX);
+      ASSERT(info.size_file_comment <= UINT16_MAX);
+
+      ASSERT(filename[info.size_filename] == '\0');
+      ASSERT(comment[info.size_file_comment] == '\0');
+    }
+
+    if (unzOpenCurrentFile(uzf) == UNZ_OK) {
+      while (true) {
+        char buffer[4096];
+        int num_read = unzReadCurrentFile(uzf, buffer, sizeof(buffer));
+        if (num_read <= 0) {
+          break;
+        }
+      }
+      unzCloseCurrentFile(uzf);
+    }
+
+    if (unzGoToNextFile(uzf) != UNZ_OK) {
+      break;
+    }
+  }
+
+  unzClose(uzf);
+  return 0;
+}

deps/zlib/deflate.c

@@ -1,5 +1,5 @@
 /* deflate.c -- compress data using the deflation algorithm
- * Copyright (C) 1995-2023 Jean-loup Gailly and Mark Adler
+ * Copyright (C) 1995-2024 Jean-loup Gailly and Mark Adler
  * For conditions of distribution and use, see copyright notice in zlib.h
  */
 
@@ -69,7 +69,7 @@
 #endif
 
 const char deflate_copyright[] =
-   " deflate 1.3.0.1 Copyright 1995-2023 Jean-loup Gailly and Mark Adler ";
+   " deflate 1.3.1 Copyright 1995-2024 Jean-loup Gailly and Mark Adler ";
 /*
   If you use the zlib library in a product, an acknowledgment is welcome
   in the documentation of your product. If for some reason you cannot
@@ -1663,13 +1663,21 @@ local uInt longest_match(deflate_state *s, IPos cur_match) {
  */
 local void check_match(deflate_state *s, IPos start, IPos match, int length) {
     /* check that the match is indeed a match */
-    if (zmemcmp(s->window + match,
-                s->window + start, length) != EQUAL) {
-        fprintf(stderr, " start %u, match %u, length %d\n",
-                start, match, length);
+    Bytef *back = s->window + (int)match, *here = s->window + start;
+    IPos len = length;
+    if (match == (IPos)-1) {
+        /* match starts one byte before the current window -- just compare the
+           subsequent length-1 bytes */
+        back++;
+        here++;
+        len--;
+    }
+    if (zmemcmp(back, here, len) != EQUAL) {
+        fprintf(stderr, " start %u, match %d, length %d\n",
+                start, (int)match, length);
         do {
-            fprintf(stderr, "%c%c", s->window[match++], s->window[start++]);
-        } while (--length != 0);
+            fprintf(stderr, "(%02x %02x)", *back++, *here++);
+        } while (--len != 0);
         z_error("invalid match");
     }
     if (z_verbose > 1) {
@@ -2106,13 +2114,7 @@ local block_state deflate_slow(deflate_state *s, int flush) {
             uInt max_insert = s->strstart + s->lookahead - MIN_MATCH;
             /* Do not insert strings in hash table beyond this. */
 
-            if (s->prev_match == -1) {
-                /* The window has slid one byte past the previous match,
-                 * so the first byte cannot be compared. */
-                check_match(s, s->strstart, s->prev_match + 1, s->prev_length - 1);
-            } else {
-                check_match(s, s->strstart - 1, s->prev_match, s->prev_length);
-            }
+            check_match(s, s->strstart - 1, s->prev_match, s->prev_length);
 
             _tr_tally_dist(s, s->strstart - 1 - s->prev_match,
                            s->prev_length - MIN_MATCH, bflush);

deps/zlib/deflate.h

@@ -1,5 +1,5 @@
 /* deflate.h -- internal compression state
- * Copyright (C) 1995-2018 Jean-loup Gailly
+ * Copyright (C) 1995-2024 Jean-loup Gailly
  * For conditions of distribution and use, see copyright notice in zlib.h
  */
 

deps/zlib/google/OWNERS

@@ -2,5 +2,4 @@ [email protected]
 
 # compression_utils*
 [email protected]
-[email protected]
 [email protected]