From 8a666b102b0d61b6f76a374f13494c662ae126ef Mon Sep 17 00:00:00 2001
From: Alexander Zaitsev <aliaksandr.zaitsau@n-able.com>
Date: Sat, 22 Jan 2022 17:56:13 +0300
Subject: [PATCH] fix: add header offset overflow check

- during the header offset calculation, perform overflow check

Tested:
- Local tests
---
 src/read.rs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/read.rs b/src/read.rs
index 97bccd2d..7b503ed6 100644
--- a/src/read.rs
+++ b/src/read.rs
@@ -603,7 +603,10 @@ pub(crate) fn central_header_to_zip_file<R: Read + io::Seek>(
     }
 
     // Account for shifted zip offsets.
-    result.header_start += archive_offset;
+    result.header_start = result
+        .header_start
+        .checked_add(archive_offset)
+        .ok_or(ZipError::InvalidArchive("Archive header is too large"))?;
 
     Ok(result)
 }