Extracted from a patch in Fedora.

http://pkgs.fedoraproject.org/cgit/unzip.git/tree/unzip-6.0-heap-overflow-infloop.patch?id=d18f821e

From bd150334fb4084f5555a6be26b015a0671cb5b74 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Tue, 22 Sep 2015 18:52:23 +0200
Subject: [PATCH 3/3] extract: prevent unsigned overflow on invalid input

Suggested-by: Stefan Cornelius
---
 extract.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/extract.c b/extract.c
index 29db027..b9ae667 100644
--- a/extract.c
+++ b/extract.c
@@ -1257,8 +1257,17 @@ static int extract_or_test_entrylist(__G__ numchunk,
         if (G.lrec.compression_method == STORED) {
             zusz_t csiz_decrypted = G.lrec.csize;
 
-            if (G.pInfo->encrypted)
+            if (G.pInfo->encrypted) {
+                if (csiz_decrypted <= 12) {
+                    /* handle the error now to prevent unsigned overflow */
+                    Info(slide, 0x401, ((char *)slide,
+                      LoadFarStringSmall(ErrUnzipNoFile),
+                      LoadFarString(InvalidComprData),
+                      LoadFarStringSmall2(Inflate)));
+                    return PK_ERR;
+                }
                 csiz_decrypted -= 12;
+            }
             if (G.lrec.ucsize != csiz_decrypted) {
                 Info(slide, 0x401, ((char *)slide,
                   LoadFarStringSmall2(WrnStorUCSizCSizDiff),
-- 
2.5.2

thod='get' action='/guix/log/.mailmap'>
<input type='hidden' name='id' value='f9989f27ad23c2a9f7ef9f8abd0663b67c8b47d3'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=f9989f27ad23c2a9f7ef9f8abd0663b67c8b47d3'>root</a>/<a href='/guix/log/.mailmap?id=f9989f27ad23c2a9f7ef9f8abd0663b67c8b47d3'>.mailmap</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/.mailmap?id=f9989f27ad23c2a9f7ef9f8abd0663b67c8b47d3&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2022-01-11 14:48:00 -0500'>2022-01-11</span></td><td><a href='/guix/commit/.mailmap?id=7f779286df7e8636d901f4734501902cc934a72f'>Update mailmap.</a><span class='msg-avail'>...<span class='msg-tooltip'>* .mailmap: Add entry for Zheng Junjie.
</span></span></td><td>Leo Famulari</td></tr>
<tr><td><span title='2021-11-06 16:03:43 +0100'>2021-11-06</span></td><td><a href='/guix/commit/.mailmap?id=567c4f4495fd1681bc6bd1ca3e9d1a87e120ac61'>Update mailmap and copyright assignments for Liliana Marie Prikler.</a><span class='msg-avail'>...<span class='msg-tooltip'>Use full names everywhere.

* .mailmap: Use full name for Liliana Marie Prikler.
* gnu/packages/zig.scm: Likewise.
</span></span></td><td>Liliana Marie Prikler</td></tr>
<tr><td><span title='2021-09-06 12:15:57 +0200'>2021-09-06</span></td><td><a href='/guix/commit/.mailmap?id=7158f8e4e9f81dbe004789018dcf06a5fe87d602'>Update mailmap.</a><span class='msg-avail'>...<span class='msg-tooltip'>* .mailmap: Add entry for Liliana Marie Prikler.
</span></span></td><td>Liliana Marie Prikler</td></tr>
<tr><td><span title='2021-09-04 12:25:17 +0200'>2021-09-04</span></td><td><a href='/guix/commit/.mailmap?id=1fd0bf60ea261fac426052386029ead0ac68cad1'>Update mailmap.</a><span class='msg-avail'>...<span class='msg-tooltip'>* .mailmap: Alias all my contributions to the same identity.
</span></span></td><td>Marius Bakke</td></tr>
<tr><td><span title='2021-07-27 12:34:56 -0400'>2021-07-27</span></td><td><a href='/guix/commit/.mailmap?id=c0e6e8d25e3750a35bebc80469ee86e7826bd769'>Update mailmap.</a><span class='msg-avail'>...<span class='msg-tooltip'>* .mailmap: Add entry for Christine Lemmer-Webber.
</span></span></td><td>Leo Famulari</td></tr>
<tr><td><span title='2021-07-08 09:48:22 +0200'>2021-07-08</span></td><td><a href='/guix/commit/.mailmap?id=0a04c25482c4d848a6a29711fccf5682319e26aa'>mailmap: Update entries for Matthew James Kraai.</a><span class='msg-avail'>...<span class='msg-tooltip'>* .mailmap: Change name for Matthew James Kraai.
* gnu/packages/lisp-xyz.scm, gnu/packages/python-xyz.scm,
gnu/packages/rust.scm: Likewise.

Signed-off-by: Nicolas Goaziou &lt;mail@nicolasgoaziou.fr&gt;
</span></span></td><td>Matthew James Kraai</td></tr>
<tr><td><span title='2021-06-23 22:29:23 -0500'>2021-06-23</span></td><td><a href='/guix/commit/.mailmap?id=6d388103a4ed8f14f1ac6ac7a2ff22c5fa6b8cd4'>gnu: Add Sollya.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/algebra.scm (sollya): New variable.
* .mailmap: Adjust "proper email" for `git commit`.
</span></span></td><td>Eric Bavier</td></tr>
<tr><td><span title='2021-04-21 18:02:27 -0400'>2021-04-21</span></td><td><a href='/guix/commit/.mailmap?id=449844474da86b5f10a4c5e4f1744e1e3a716d6e'>Update email address for Kei.</a><span class='msg-avail'>...<span class='msg-tooltip'>* .mailmap: Remove obsolete email for Kei.
</span></span></td><td>Kei Kebreau</td></tr>