From 57a6514a40ebd8a222831bee5aa071e7b3f3e016 Mon Sep 17 00:00:00 2001
From: Pascal Hertleif <killercup@gmail.com>
Date: Tue, 27 Jun 2017 11:23:17 +0200
Subject: [PATCH] Prevent subtract with overflow

This changes assumes this only happens when the archive is invalid.

Fixes #40
---
 src/read.rs | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/read.rs b/src/read.rs
index b584eb29..01dc0fa5 100644
--- a/src/read.rs
+++ b/src/read.rs
@@ -85,7 +85,9 @@ impl<R: Read+io::Seek> ZipArchive<R>
 
         // Some zip files have data prepended to them, resulting in the offsets all being too small. Get the amount of
         // error by comparing the actual file position we found the CDE at with the offset recorded in the CDE.
-        let archive_offset = cde_start_pos - footer.central_directory_size - footer.central_directory_offset;
+        let archive_offset = cde_start_pos.checked_sub(footer.central_directory_size)
+            .and_then(|x| x.checked_sub(footer.central_directory_offset))
+            .ok_or(ZipError::InvalidArchive("Invalid central directory size or offset"))?;
 
         let directory_start = (footer.central_directory_offset + archive_offset) as u64;
         let number_of_files = footer.number_of_files_on_this_disk as usize;