bundled zlib is missing an upstream UB fix

[jmatthew]

Version

v12.22.7

Platform

OpenBSD hostname 7.0 GENERIC.MP#107 amd64

Subsystem

No response

What steps will reproduce the bug?

The bundled zlib is missing this fix: https://chromium.googlesource.com/chromium/src.git/+/e0f88a903fdcb6c772de1929834a73d1662d509a%5E%21/

The consequences of which can be experienced in real life by running pacote.extract("https://registry.npmjs.org/bower/-/bower-1.8.13.tgz", "/tmp/zzzz") on a platform where memcpy() with overlapping source and destination is a fatal error, such as OpenBSD. On OpenBSD, the node process will abort, writing "node: backwards memcpy" to the system logs.

How often does it reproduce? Is there a required condition?

No response

What is the expected behavior?

No response

What do you see instead?

Welcome to Node.js v12.22.7.
Type ".help" for more information.

const pacote = require('pacote')
undefined
pacote.extract("https://registry.npmjs.org/bower/-/bower-1.8.13.tgz", "/tmp/zzzz");
Promise { }
Abort trap (core dumped)

Additional information

No response

[targos]

Is it related to the error we get with asan in #40238 (comment) ?

[jmatthew]

it's the same copy operation that produces that error.

[targos]

PR to update zlib: #41745

[MylesBorins]

Closing as #41745 landed

[MylesBorins]

nvm I realize that didn't land

[lpinca]

Closing as #45387 landed.