File CVE-2018-6540.patch of Package zziplib.35221

Index: zziplib-0.13.67/zzip/mmapped.c
===================================================================
--- zziplib-0.13.67.orig/zzip/mmapped.c
+++ zziplib-0.13.67/zzip/mmapped.c
@@ -457,6 +457,12 @@ zzip_disk_findfirst(ZZIP_DISK * disk)
             errno = EBADMSG;
             return 0;
         }
+	if (root >= disk->endbuf)
+	{
+	    DBG1("root behind endbuf should be impossible");
+	    errno = EBADMSG;
+	    return 0;
+	}
         if (zzip_disk_entry_check_magic(root))
         {
             DBG1("found the disk root");
Index: zziplib-0.13.67/zzip/memdisk.c
===================================================================
--- zziplib-0.13.67.orig/zzip/memdisk.c
+++ zziplib-0.13.67/zzip/memdisk.c
@@ -305,7 +305,14 @@ zzip_mem_entry_find_extra_block(ZZIP_MEM
         char* ext_end = ext + entry->zz_extlen[i];
         if (ext)
         {
-            while (ext + zzip_extra_block_headerlength <= ext_end)
+	    /*
+	     * Make sure that
+	     * 1) the extra block header
+	     * AND
+	     * 2) the block we're looking for
+	     * fit into the extra block!
+	     */
+            while (ext + zzip_extra_block_headerlength + blocksize <= ext_end)
             {
                 if (datatype == zzip_extra_block_get_datatype(ext))
                 {