From f6e8ce812174343b5c9fd1860f9e2e2864428567 Mon Sep 17 00:00:00 2001
From: Anatol Belski <ab@php.net>
Date: Fri, 27 Oct 2017 13:16:56 +0200
Subject: Backport and apply upstream patch for CVE-2017-14107

---
 ext/zip/lib/zip_open.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/ext/zip/lib/zip_open.c b/ext/zip/lib/zip_open.c
index d91fe469db..3616cc5448 100644
--- a/ext/zip/lib/zip_open.c
+++ b/ext/zip/lib/zip_open.c
@@ -726,7 +726,12 @@ _zip_read_eocd64(FILE *f, const zip_uint8_t *eocd64loc, const zip_uint8_t *buf,
         _zip_error_set(error, ZIP_ER_SEEK, EFBIG);
         return NULL;
     }
-    if ((flags & ZIP_CHECKCONS) && offset+size != eocd_offset) {
+    if (offset+size > buf_offset + eocd_offset) {
+	/* cdir spans past EOCD record */
+	_zip_error_set(error, ZIP_ER_INCONS, 0);
+	return NULL;
+    }
+    if ((flags & ZIP_CHECKCONS) && offset+size != buf_offset + eocd_offset) {
 	_zip_error_set(error, ZIP_ER_INCONS, 0);
 	return NULL;
     }
-- 
cgit v1.2.1