Claude Code reported: **Severity:** Low — technically undefined behavior but zlib handles it gracefully **Type:** Logic bug (not a crash) **Reproducible:** Always present in code, but does not trigger ASAN ### Location **File:** `Source/WebCore/Modules/compression/ZStream.cpp`, line 83 ```cpp ZStream::~ZStream() { if (m_isInitialized) deflateEnd(&m_stream); // BUG: always calls deflateEnd, even for inflate streams } ``` ### Root cause The `ZStream` class tracks `m_isInitialized` (bool) but does not track the `Operation` type (Compression vs Decompression). The destructor unconditionally calls `deflateEnd()`. For decompression streams initialized via `inflateInit2()`, the correct call is `inflateEnd()`. Per the zlib API, calling `deflateEnd()` on an inflate stream is undefined behavior. In practice, zlib's internal state checking returns `Z_STREAM_ERROR` without corrupting memory. ### Suggested fix Add an `Operation` member to `ZStream` and call the correct cleanup: ```cpp // In ZStream.h: Operation m_operation; // In ZStream.cpp destructor: ZStream::~ZStream() { if (m_isInitialized) { if (m_operation == Operation::Compression) deflateEnd(&m_stream); else inflateEnd(&m_stream); } } ```