Guard against malformed input files

Ensure the archive start offset can never be negative. Fixes a case found by OSSFuzz.
richgel999 · Jun 10, 2024 · 0283a17 · 0283a17
1 parent 3c46a05
commit 0283a17
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/miniz_zip.c b/miniz_zip.c
@@ -790,6 +790,9 @@ static int mz_stat64(const char *path, struct __stat64 *buffer)
         if ((cdir_ofs + (mz_uint64)cdir_size) > pZip->m_archive_size)
             return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
 
+        if (eocd_ofs < cdir_ofs + cdir_size)
+            return mz_zip_set_error(pZip, MZ_ZIP_INVALID_HEADER_OR_CORRUPTED);
+
         /* The end of central dir follows the central dir, unless the zip file has
          * some trailing data (e.g. it is appended to an executable file). */
         archive_ofs = eocd_ofs - (cdir_ofs + cdir_size);