From 550e30e76a550d933fe72fc14209403c48d5f5bf Mon Sep 17 00:00:00 2001
From: vlefebvre
Date: Tue, 6 Aug 2024 16:01:02 +0200
Subject: [PATCH] parse_root_dir: Verify size of extra obtained

* Fix the issue #164 where extra_ptr could be alocated without enough bytes to check the magic value.
Signed-off-by: vlefebvre
---
 zzip/zip.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/zzip/zip.c b/zzip/zip.c
index 7c9bf2a7..b493f064 100644
--- a/zzip/zip.c
+++ b/zzip/zip.c
@@ -525,7 +525,8 @@ __zzip_parse_root_directory(int fd, struct _disk_trailer* trailer, struct zzip_d
 hdr->d_namlen = u_namlen;
 /* looking for ZIP64 extras when csize on intmax */
- if (u_extras && (hdr->d_csize & 0xFFFFu == 0xFFFFu)) {
+ if (u_extras >= __sizeof(struct zzip_extra_zip64) &&
+ (hdr->d_csize & 0xFFFFu == 0xFFFFu)) {
 DBG3("%i extras bytes (%i)", u_extras, sizeof(struct zzip_extra_zip64));
 zzip_off64_t zz_extras = zz_offset + sizeof(*d) + u_namlen;
 zzip_byte_t* extras_ptr;
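Review bot: The second half of the new condition, `(hdr->d_csize & 0xFFFFu == 0xFFFFu)`, is carried over without inner parentheses, and because `==` binds tighter than `&` it evaluates as `hdr->d_csize & 1`, so the ZIP64 extras path runs for any entry with an odd compressed size rather than only for the sentinel value. The added length guard addresses the short-buffer case named in the commit message, but the branch is still entered for far more archive-controlled input than the comment intends; I would write `((hdr->d_csize & 0xFFFFu) == 0xFFFFu)`. The 16-bit mask also looks narrower than the "csize on intmax" comment suggests, which is worth confirming against the width of `d_csize`. The body of `__zzip_parse_root_directory` continues outside this hunk, so how `extras_ptr` is filled and read cannot be checked from here.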