madler / zlib

A massively spiffy yet delicately unobtrusive compression library.
http://zlib.net/

New security rules #995

Closed icy17 closed 1 month ago

icy17 commented 1 month ago

There are some security rules that are missing in the documentation. I believe incorporating these rules could help developers learn how to correctly use APIs and reduce the risk of security issues. Additionally, this will help developers to detect API misuse effectively. I will provide a table describing the missing security rules:

| API | parameter index (begin with 1) | Security rules |
| --- | --- | --- |
| crc32 | 1 | parameter must be initialized using xxx (other API) |
| inflate | 1 | parameter must be initialized using xxx (other API) |
| deflateEnd | 1 | parameter must be initialized using xxx (other API) |
| gzclose | 1 | parameter must be initialized using xxx (other API) |
| deflateReset | 1 | parameter must be initialized using xxx (other API) |
| gzread | 1 | parameter must be initialized using xxx (other API) |
| compress2 | 1 | parameter must be initialized using xxx (other API) |
| gzclose | 1 | parameter must not be used later (without re-initialize) |
| gzopen | 2 | The caller MUST NOT assign a null pointer to the parameter |

icy17 commented 1 month ago

Hi, I'm not sure how to submit patches to supplement the documentation, so I'll provide some types of rules I've written based on other documentation. I'm not certain if they are appropriate, and if you find them acceptable, I can provide additional rules for other APIs in the same manner.

For API deflateEnd and deflateReset: The strm should be obtained from deflateInit.
For gzclose: The caller should not attempt to use the fd after invoking gzclose.

madler commented 1 month ago

I don't understand what these are for.

icy17 commented 1 month ago

I noticed that the documentation does not include these descriptions to avoid security issues. Although these descriptions may seem like common sense, they could help some developers use the API correctly.

madler commented 1 month ago

I believe that all of the constraints on the use of the functions are documented in zlib.h. I do not plan to include a table that repeats those constraints. If you find a particular constraint that is missing from the documentation that you think should be there, please let me know. Thank you for your suggestion.