From cd7a01c34fc4304ef8161ee617568f274ace5d24 Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI <mounir.idrassi@idrix.fr>
Date: Sun, 18 Mar 2018 23:13:40 +0100
Subject: Windows: Update libzip to version 1.5.0 that include fixes for some
 security issues.

---
 src/Common/libzip/zip_open.c | 427 +++++++++++++++++++++----------------------
 1 file changed, 207 insertions(+), 220 deletions(-)

(limited to 'src/Common/libzip/zip_open.c')

diff --git a/src/Common/libzip/zip_open.c b/src/Common/libzip/zip_open.c
index f62f95f6..1886c9d2 100644
--- a/src/Common/libzip/zip_open.c
+++ b/src/Common/libzip/zip_open.c
@@ -1,6 +1,6 @@
 /*
   zip_open.c -- open zip archive by name
-  Copyright (C) 1999-2016 Dieter Baron and Thomas Klausner
+  Copyright (C) 1999-2017 Dieter Baron and Thomas Klausner
 
   This file is part of libzip, a library to manipulate ZIP archives.
   The authors can be contacted at <libzip@nih.at>
@@ -32,11 +32,11 @@
 */
 
 
-#include <sys/stat.h>
 #include <limits.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <sys/stat.h>
 
 #include "zipint.h"
 
@@ -58,8 +58,7 @@ static zip_cdir_t *_zip_read_eocd64(zip_source_t *src, zip_buffer_t *buffer, zip
 
 
 ZIP_EXTERN zip_t *
-zip_open(const char *fn, int _flags, int *zep)
-{
+zip_open(const char *fn, int _flags, int *zep) {
     zip_t *za;
     zip_source_t *src;
     struct zip_error error;
@@ -84,8 +83,7 @@ zip_open(const char *fn, int _flags, int *zep)
 
 
 ZIP_EXTERN zip_t *
-zip_open_from_source(zip_source_t *src, int _flags, zip_error_t *error)
-{
+zip_open_from_source(zip_source_t *src, int _flags, zip_error_t *error) {
     static zip_int64_t needed_support_read = -1;
     static zip_int64_t needed_support_write = -1;
 
@@ -95,24 +93,24 @@ zip_open_from_source(zip_source_t *src, int _flags, zip_error_t *error)
 
     if (_flags < 0 || src == NULL) {
 	zip_error_set(error, ZIP_ER_INVAL, 0);
-        return NULL;
+	return NULL;
     }
     flags = (unsigned int)_flags;
 
     supported = zip_source_supports(src);
     if (needed_support_read == -1) {
-        needed_support_read = zip_source_make_command_bitmap(ZIP_SOURCE_OPEN, ZIP_SOURCE_READ, ZIP_SOURCE_CLOSE, ZIP_SOURCE_SEEK, ZIP_SOURCE_TELL, ZIP_SOURCE_STAT, -1);
-        needed_support_write = zip_source_make_command_bitmap(ZIP_SOURCE_BEGIN_WRITE, ZIP_SOURCE_COMMIT_WRITE, ZIP_SOURCE_ROLLBACK_WRITE, ZIP_SOURCE_SEEK_WRITE, ZIP_SOURCE_TELL_WRITE, ZIP_SOURCE_REMOVE, -1);
+	needed_support_read = zip_source_make_command_bitmap(ZIP_SOURCE_OPEN, ZIP_SOURCE_READ, ZIP_SOURCE_CLOSE, ZIP_SOURCE_SEEK, ZIP_SOURCE_TELL, ZIP_SOURCE_STAT, -1);
+	needed_support_write = zip_source_make_command_bitmap(ZIP_SOURCE_BEGIN_WRITE, ZIP_SOURCE_COMMIT_WRITE, ZIP_SOURCE_ROLLBACK_WRITE, ZIP_SOURCE_SEEK_WRITE, ZIP_SOURCE_TELL_WRITE, ZIP_SOURCE_REMOVE, -1);
     }
     if ((supported & needed_support_read) != needed_support_read) {
-        zip_error_set(error, ZIP_ER_OPNOTSUPP, 0);
-        return NULL;
+	zip_error_set(error, ZIP_ER_OPNOTSUPP, 0);
+	return NULL;
     }
     if ((supported & needed_support_write) != needed_support_write) {
-        flags |= ZIP_RDONLY;
+	flags |= ZIP_RDONLY;
     }
 
-    if ((flags & (ZIP_RDONLY|ZIP_TRUNCATE)) == (ZIP_RDONLY|ZIP_TRUNCATE)) {
+    if ((flags & (ZIP_RDONLY | ZIP_TRUNCATE)) == (ZIP_RDONLY | ZIP_TRUNCATE)) {
 	zip_error_set(error, ZIP_ER_RDONLY, 0);
 	return NULL;
     }
@@ -157,16 +155,9 @@ zip_open_from_source(zip_source_t *src, int _flags, zip_error_t *error)
     }
 }
 
-ZIP_EXTERN void
-zip_register_progress_callback(zip_t *za, zip_progress_callback_t progress_callback)
-{
-    za->progress_callback = progress_callback;
-}
-
 
 zip_t *
-_zip_open(zip_source_t *src, unsigned int flags, zip_error_t *error)
-{
+_zip_open(zip_source_t *src, unsigned int flags, zip_error_t *error) {
     zip_t *za;
     zip_cdir_t *cdir;
     struct zip_stat st;
@@ -185,7 +176,7 @@ _zip_open(zip_source_t *src, unsigned int flags, zip_error_t *error)
 
     /* treat empty files as empty archives */
     if (len == 0) {
-	if ((za=_zip_allocate_new(src, flags, error)) == NULL) {
+	if ((za = _zip_allocate_new(src, flags, error)) == NULL) {
 	    zip_source_free(src);
 	    return NULL;
 	}
@@ -193,12 +184,12 @@ _zip_open(zip_source_t *src, unsigned int flags, zip_error_t *error)
 	return za;
     }
 
-    if ((za=_zip_allocate_new(src, flags, error)) == NULL) {
-        return NULL;
+    if ((za = _zip_allocate_new(src, flags, error)) == NULL) {
+	return NULL;
     }
 
     if ((cdir = _zip_find_central_dir(za, len)) == NULL) {
-        _zip_error_copy(error, &za->error);
+	_zip_error_copy(error, &za->error);
 	/* keep src so discard does not get rid of it */
 	zip_source_keep(src);
 	zip_discard(za);
@@ -212,13 +203,15 @@ _zip_open(zip_source_t *src, unsigned int flags, zip_error_t *error)
 
     free(cdir);
 
+    _zip_hash_reserve_capacity(za->names, za->nentry, &za->error);
+
     for (idx = 0; idx < za->nentry; idx++) {
 	const zip_uint8_t *name = _zip_string_get(za->entry[idx].orig->filename, NULL, 0, error);
 	if (name == NULL) {
-		/* keep src so discard does not get rid of it */
-		zip_source_keep(src);
-		zip_discard(za);
-		return NULL;
+	    /* keep src so discard does not get rid of it */
+	    zip_source_keep(src);
+	    zip_discard(za);
+	    return NULL;
 	}
 
 	if (_zip_hash_add(za->names, name, idx, ZIP_FL_UNCHANGED, &za->error) == false) {
@@ -239,8 +232,7 @@ _zip_open(zip_source_t *src, unsigned int flags, zip_error_t *error)
 
 
 void
-_zip_set_open_error(int *zep, const zip_error_t *err, int ze)
-{
+_zip_set_open_error(int *zep, const zip_error_t *err, int ze) {
     if (err) {
 	ze = zip_error_code_zip(err);
 	if (zip_error_system_type(err) == ZIP_ET_SYS) {
@@ -260,8 +252,7 @@ _zip_set_open_error(int *zep, const zip_error_t *err, int ze)
    entries, or NULL if unsuccessful. */
 
 static zip_cdir_t *
-_zip_read_cdir(zip_t *za, zip_buffer_t *buffer, zip_uint64_t buf_offset, zip_error_t *error)
-{
+_zip_read_cdir(zip_t *za, zip_buffer_t *buffer, zip_uint64_t buf_offset, zip_error_t *error) {
     zip_cdir_t *cd;
     zip_uint16_t comment_len;
     zip_uint64_t i, left;
@@ -281,12 +272,12 @@ _zip_read_cdir(zip_t *za, zip_buffer_t *buffer, zip_uint64_t buf_offset, zip_err
     }
 
     if (eocd_offset >= EOCD64LOCLEN && memcmp(_zip_buffer_data(buffer) + eocd_offset - EOCD64LOCLEN, EOCD64LOC_MAGIC, 4) == 0) {
-        _zip_buffer_set_offset(buffer, eocd_offset - EOCD64LOCLEN);
-        cd = _zip_read_eocd64(za->src, buffer, buf_offset, za->flags, error);
+	_zip_buffer_set_offset(buffer, eocd_offset - EOCD64LOCLEN);
+	cd = _zip_read_eocd64(za->src, buffer, buf_offset, za->flags, error);
     }
     else {
-        _zip_buffer_set_offset(buffer, eocd_offset);
-        cd = _zip_read_eocd(buffer, buf_offset, za->flags, error);
+	_zip_buffer_set_offset(buffer, eocd_offset);
+	cd = _zip_read_eocd(buffer, buf_offset, za->flags, error);
     }
 
     if (cd == NULL)
@@ -303,63 +294,63 @@ _zip_read_cdir(zip_t *za, zip_buffer_t *buffer, zip_uint64_t buf_offset, zip_err
     }
 
     if (comment_len || (za->open_flags & ZIP_CHECKCONS)) {
-        zip_uint64_t tail_len;
+	zip_uint64_t tail_len;
 
-        _zip_buffer_set_offset(buffer, eocd_offset + EOCDLEN);
-        tail_len = _zip_buffer_left(buffer);
+	_zip_buffer_set_offset(buffer, eocd_offset + EOCDLEN);
+	tail_len = _zip_buffer_left(buffer);
 
-        if (tail_len < comment_len || ((za->open_flags & ZIP_CHECKCONS) && tail_len != comment_len)) {
-            zip_error_set(error, ZIP_ER_INCONS, 0);
-            _zip_cdir_free(cd);
-            return NULL;
-        }
+	if (tail_len < comment_len || ((za->open_flags & ZIP_CHECKCONS) && tail_len != comment_len)) {
+	    zip_error_set(error, ZIP_ER_INCONS, 0);
+	    _zip_cdir_free(cd);
+	    return NULL;
+	}
 
-        if (comment_len) {
-            if ((cd->comment=_zip_string_new(_zip_buffer_get(buffer, comment_len), comment_len, ZIP_FL_ENC_GUESS, error)) == NULL) {
-                _zip_cdir_free(cd);
-                return NULL;
-            }
-        }
+	if (comment_len) {
+	    if ((cd->comment = _zip_string_new(_zip_buffer_get(buffer, comment_len), comment_len, ZIP_FL_ENC_GUESS, error)) == NULL) {
+		_zip_cdir_free(cd);
+		return NULL;
+	    }
+	}
     }
 
     if (cd->offset >= buf_offset) {
-        zip_uint8_t *data;
+	zip_uint8_t *data;
 	/* if buffer already read in, use it */
-        _zip_buffer_set_offset(buffer, cd->offset - buf_offset);
-
-        if ((data = _zip_buffer_get(buffer, cd->size)) == NULL) {
-            zip_error_set(error, ZIP_ER_INCONS, 0);
-            _zip_cdir_free(cd);
-            return NULL;
-        }
-        if ((cd_buffer = _zip_buffer_new(data, cd->size)) == NULL) {
-            zip_error_set(error, ZIP_ER_MEMORY, 0);
-            _zip_cdir_free(cd);
-            return NULL;
-        }
+	_zip_buffer_set_offset(buffer, cd->offset - buf_offset);
+
+	if ((data = _zip_buffer_get(buffer, cd->size)) == NULL) {
+	    zip_error_set(error, ZIP_ER_INCONS, 0);
+	    _zip_cdir_free(cd);
+	    return NULL;
+	}
+	if ((cd_buffer = _zip_buffer_new(data, cd->size)) == NULL) {
+	    zip_error_set(error, ZIP_ER_MEMORY, 0);
+	    _zip_cdir_free(cd);
+	    return NULL;
+	}
     }
     else {
-        cd_buffer = NULL;
+	cd_buffer = NULL;
 
-        if (zip_source_seek(za->src, (zip_int64_t)cd->offset, SEEK_SET) < 0) {
-            _zip_error_set_from_source(error, za->src);
-            _zip_cdir_free(cd);
-            return NULL;
-        }
+	if (zip_source_seek(za->src, (zip_int64_t)cd->offset, SEEK_SET) < 0) {
+	    _zip_error_set_from_source(error, za->src);
+	    _zip_cdir_free(cd);
+	    return NULL;
+	}
 
 	/* possible consistency check: cd->offset = len-(cd->size+cd->comment_len+EOCDLEN) ? */
 	if (zip_source_tell(za->src) != (zip_int64_t)cd->offset) {
-            zip_error_set(error, ZIP_ER_NOZIP, 0);
+	    zip_error_set(error, ZIP_ER_NOZIP, 0);
 	    _zip_cdir_free(cd);
 	    return NULL;
 	}
     }
 
     left = (zip_uint64_t)cd->size;
-    i=0;
+    i = 0;
     while (left > 0) {
 	bool grown = false;
-        zip_int64_t entry_size;
+	zip_int64_t entry_size;
 
 	if (i == cd->nentry) {
 	    /* InfoZIP has a hack to avoid using Zip64: it stores nentries % 0x10000 */
@@ -377,49 +368,48 @@ _zip_read_cdir(zip_t *za, zip_buffer_t *buffer, zip_uint64_t buf_offset, zip_err
 	    grown = true;
 	}
 
-	if ((cd->entry[i].orig=_zip_dirent_new()) == NULL || (entry_size = _zip_dirent_read(cd->entry[i].orig, za->src, cd_buffer, false, error)) < 0) {
+	if ((cd->entry[i].orig = _zip_dirent_new()) == NULL || (entry_size = _zip_dirent_read(cd->entry[i].orig, za->src, cd_buffer, false, error)) < 0) {
 	    if (grown && zip_error_code_zip(error) == ZIP_ER_NOZIP) {
 		zip_error_set(error, ZIP_ER_INCONS, 0);
 	    }
 	    _zip_cdir_free(cd);
-            _zip_buffer_free(cd_buffer);
+	    _zip_buffer_free(cd_buffer);
 	    return NULL;
 	}
 	i++;
-        left -= (zip_uint64_t)entry_size;
+	left -= (zip_uint64_t)entry_size;
     }
 
     if (i != cd->nentry || left > 0) {
-        zip_error_set(error, ZIP_ER_INCONS, 0);
-        _zip_buffer_free(cd_buffer);
-        _zip_cdir_free(cd);
-        return NULL;
+	zip_error_set(error, ZIP_ER_INCONS, 0);
+	_zip_buffer_free(cd_buffer);
+	_zip_cdir_free(cd);
+	return NULL;
     }
 
     if (za->open_flags & ZIP_CHECKCONS) {
-        bool ok;
-
-        if (cd_buffer) {
-            ok = _zip_buffer_eof(cd_buffer);
-        }
-        else {
-            zip_int64_t offset = zip_source_tell(za->src);
-
-            if (offset < 0) {
-                _zip_error_set_from_source(error, za->src);
-                _zip_buffer_free(cd_buffer);
-                _zip_cdir_free(cd);
-                return NULL;
-            }
-            ok = ((zip_uint64_t)offset == cd->offset + cd->size);
-        }
-
-        if (!ok) {
-            zip_error_set(error, ZIP_ER_INCONS, 0);
-            _zip_buffer_free(cd_buffer);
-            _zip_cdir_free(cd);
-            return NULL;
-        }
+	bool ok;
+
+	if (cd_buffer) {
+	    ok = _zip_buffer_eof(cd_buffer);
+	}
+	else {
+	    zip_int64_t offset = zip_source_tell(za->src);
+
+	    if (offset < 0) {
+		_zip_error_set_from_source(error, za->src);
+		_zip_cdir_free(cd);
+		return NULL;
+	    }
+	    ok = ((zip_uint64_t)offset == cd->offset + cd->size);
+	}
+
+	if (!ok) {
+	    zip_error_set(error, ZIP_ER_INCONS, 0);
+	    _zip_buffer_free(cd_buffer);
+	    _zip_cdir_free(cd);
+	    return NULL;
+	}
     }
 
     _zip_buffer_free(cd_buffer);
@@ -434,8 +424,7 @@ _zip_read_cdir(zip_t *za, zip_buffer_t *buffer, zip_uint64_t buf_offset, zip_err
    difference between the lowest and the highest fileposition reached */
 
 static zip_int64_t
-_zip_checkcons(zip_t *za, zip_cdir_t *cd, zip_error_t *error)
-{
+_zip_checkcons(zip_t *za, zip_cdir_t *cd, zip_error_t *error) {
     zip_uint64_t i;
     zip_uint64_t min, max, j;
     struct zip_dirent temp;
@@ -448,7 +437,7 @@ _zip_checkcons(zip_t *za, zip_cdir_t *cd, zip_error_t *error)
     else
 	min = max = 0;
 
-    for (i=0; i<cd->nentry; i++) {
+    for (i = 0; i < cd->nentry; i++) {
 	if (cd->entry[i].orig->offset < min)
 	    min = cd->entry[i].orig->offset;
 	if (min > (zip_uint64_t)cd->offset) {
@@ -456,8 +445,7 @@ _zip_checkcons(zip_t *za, zip_cdir_t *cd, zip_error_t *error)
 	    return -1;
 	}
 
-	j = cd->entry[i].orig->offset + cd->entry[i].orig->comp_size
-	    + _zip_string_length(cd->entry[i].orig->filename) + LENTRYSIZE;
+	j = cd->entry[i].orig->offset + cd->entry[i].orig->comp_size + _zip_string_length(cd->entry[i].orig->filename) + LENTRYSIZE;
 	if (j > max)
 	    max = j;
 	if (max > (zip_uint64_t)cd->offset) {
@@ -465,9 +453,9 @@ _zip_checkcons(zip_t *za, zip_cdir_t *cd, zip_error_t *error)
 	    return -1;
 	}
 
-        if (zip_source_seek(za->src, (zip_int64_t)cd->entry[i].orig->offset, SEEK_SET) < 0) {
-            _zip_error_set_from_source(error, za->src);
-            return -1;
+	if (zip_source_seek(za->src, (zip_int64_t)cd->entry[i].orig->offset, SEEK_SET) < 0) {
+	    _zip_error_set_from_source(error, za->src);
+	    return -1;
 	}
 
 	if (_zip_dirent_read(&temp, za->src, NULL, true, error) == -1) {
@@ -488,7 +476,7 @@ _zip_checkcons(zip_t *za, zip_cdir_t *cd, zip_error_t *error)
 	_zip_dirent_finalize(&temp);
     }
 
-    return (max-min) < ZIP_INT64_MAX ? (zip_int64_t)(max-min) : ZIP_INT64_MAX;
+    return (max - min) < ZIP_INT64_MAX ? (zip_int64_t)(max - min) : ZIP_INT64_MAX;
 }
 
 
@@ -497,25 +485,20 @@ _zip_checkcons(zip_t *za, zip_cdir_t *cd, zip_error_t *error)
    Return 0 if they are consistent, -1 if not. */
 
 static int
-_zip_headercomp(const zip_dirent_t *central, const zip_dirent_t *local)
-{
+_zip_headercomp(const zip_dirent_t *central, const zip_dirent_t *local) {
     if ((central->version_needed < local->version_needed)
 #if 0
 	/* some zip-files have different values in local
 	   and global headers for the bitflags */
 	|| (central->bitflags != local->bitflags)
 #endif
-	|| (central->comp_method != local->comp_method)
-	|| (central->last_mod != local->last_mod)
-	|| !_zip_string_equal(central->filename, local->filename))
+	|| (central->comp_method != local->comp_method) || (central->last_mod != local->last_mod) || !_zip_string_equal(central->filename, local->filename))
 	return -1;
 
-    if ((central->crc != local->crc) || (central->comp_size != local->comp_size)
-	|| (central->uncomp_size != local->uncomp_size)) {
+    if ((central->crc != local->crc) || (central->comp_size != local->comp_size) || (central->uncomp_size != local->uncomp_size)) {
 	/* InfoZip stores valid values in local header even when data descriptor is used.
 	   This is in violation of the appnote. */
-	if (((local->bitflags & ZIP_GPBF_DATA_DESCRIPTOR) == 0
-	     || local->crc != 0 || local->comp_size != 0 || local->uncomp_size != 0))
+	if (((local->bitflags & ZIP_GPBF_DATA_DESCRIPTOR) == 0 || local->crc != 0 || local->comp_size != 0 || local->uncomp_size != 0))
 	    return -1;
     }
 
@@ -524,8 +507,7 @@ _zip_headercomp(const zip_dirent_t *central, const zip_dirent_t *local)
 
 
 static zip_t *
-_zip_allocate_new(zip_source_t *src, unsigned int flags, zip_error_t *error)
-{
+_zip_allocate_new(zip_source_t *src, unsigned int flags, zip_error_t *error) {
     zip_t *za;
 
     if ((za = _zip_new(error)) == NULL) {
@@ -535,8 +517,8 @@ _zip_allocate_new(zip_source_t *src, unsigned int flags, zip_error_t *error)
     za->src = src;
     za->open_flags = flags;
     if (flags & ZIP_RDONLY) {
-        za->flags |= ZIP_AFL_RDONLY;
-        za->ch_flags |= ZIP_AFL_RDONLY;
+	za->flags |= ZIP_AFL_RDONLY;
+	za->ch_flags |= ZIP_AFL_RDONLY;
     }
     return za;
 }
@@ -546,14 +528,13 @@ _zip_allocate_new(zip_source_t *src, unsigned int flags, zip_error_t *error)
  * tests for file existence
  */
 static exists_t
-_zip_file_exists(zip_source_t *src, zip_error_t *error)
-{
+_zip_file_exists(zip_source_t *src, zip_error_t *error) {
     struct zip_stat st;
 
     zip_stat_init(&st);
     if (zip_source_stat(src, &st) != 0) {
-        zip_error_t *src_error = zip_source_error(src);
-        if (zip_error_code_zip(src_error) == ZIP_ER_READ && zip_error_code_system(src_error) == ENOENT) {
+	zip_error_t *src_error = zip_source_error(src);
+	if (zip_error_code_zip(src_error) == ZIP_ER_READ && zip_error_code_system(src_error) == ENOENT) {
 	    return EXISTS_NOT;
 	}
 	_zip_error_copy(error, src_error);
@@ -565,8 +546,7 @@ _zip_file_exists(zip_source_t *src, zip_error_t *error)
 
 
 static zip_cdir_t *
-_zip_find_central_dir(zip_t *za, zip_uint64_t len)
-{
+_zip_find_central_dir(zip_t *za, zip_uint64_t len) {
     zip_cdir_t *cdir, *cdirnew;
     zip_uint8_t *match;
     zip_int64_t buf_offset;
@@ -578,7 +558,7 @@ _zip_find_central_dir(zip_t *za, zip_uint64_t len)
 
     if (len < EOCDLEN) {
 	zip_error_set(&za->error, ZIP_ER_NOZIP, 0);
-        return NULL;
+	return NULL;
     }
 
     buflen = (len < CDBUFSIZE ? len : CDBUFSIZE);
@@ -591,62 +571,62 @@ _zip_find_central_dir(zip_t *za, zip_uint64_t len)
 	}
     }
     if ((buf_offset = zip_source_tell(za->src)) < 0) {
-        _zip_error_set_from_source(&za->error, za->src);
-        return NULL;
+	_zip_error_set_from_source(&za->error, za->src);
+	return NULL;
     }
 
     if ((buffer = _zip_buffer_new_from_source(za->src, buflen, NULL, &za->error)) == NULL) {
-        return NULL;
+	return NULL;
     }
 
     best = -1;
     cdir = NULL;
     if (buflen >= CDBUFSIZE) {
-        /* EOCD64 locator is before EOCD, so leave place for it */
-        _zip_buffer_set_offset(buffer, EOCD64LOCLEN);
+	/* EOCD64 locator is before EOCD, so leave place for it */
+	_zip_buffer_set_offset(buffer, EOCD64LOCLEN);
     }
     zip_error_set(&error, ZIP_ER_NOZIP, 0);
 
     match = _zip_buffer_get(buffer, 0);
-    while ((match=_zip_memmem(match, _zip_buffer_left(buffer)-(EOCDLEN-4), (const unsigned char *)EOCD_MAGIC, 4)) != NULL) {
-        _zip_buffer_set_offset(buffer, (zip_uint64_t)(match - _zip_buffer_data(buffer)));
-        if ((cdirnew = _zip_read_cdir(za, buffer, (zip_uint64_t)buf_offset, &error)) != NULL) {
-            if (cdir) {
-                if (best <= 0) {
-                    best = _zip_checkcons(za, cdir, &error);
-                }
-
-                a = _zip_checkcons(za, cdirnew, &error);
-                if (best < a) {
-                    _zip_cdir_free(cdir);
-                    cdir = cdirnew;
-                    best = a;
-                }
-                else {
-                    _zip_cdir_free(cdirnew);
-                }
-            }
-            else {
-                cdir = cdirnew;
-                if (za->open_flags & ZIP_CHECKCONS)
-                    best = _zip_checkcons(za, cdir, &error);
-                else {
-                    best = 0;
-                }
-            }
-            cdirnew = NULL;
-        }
-
-        match++;
-        _zip_buffer_set_offset(buffer, (zip_uint64_t)(match - _zip_buffer_data(buffer)));
+    while ((match = _zip_memmem(match, _zip_buffer_left(buffer) - (EOCDLEN - 4), (const unsigned char *)EOCD_MAGIC, 4)) != NULL) {
+	_zip_buffer_set_offset(buffer, (zip_uint64_t)(match - _zip_buffer_data(buffer)));
+	if ((cdirnew = _zip_read_cdir(za, buffer, (zip_uint64_t)buf_offset, &error)) != NULL) {
+	    if (cdir) {
+		if (best <= 0) {
+		    best = _zip_checkcons(za, cdir, &error);
+		}
+
+		a = _zip_checkcons(za, cdirnew, &error);
+		if (best < a) {
+		    _zip_cdir_free(cdir);
+		    cdir = cdirnew;
+		    best = a;
+		}
+		else {
+		    _zip_cdir_free(cdirnew);
+		}
+	    }
+	    else {
+		cdir = cdirnew;
+		if (za->open_flags & ZIP_CHECKCONS)
+		    best = _zip_checkcons(za, cdir, &error);
+		else {
+		    best = 0;
+		}
+	    }
+	    cdirnew = NULL;
+	}
+
+	match++;
+	_zip_buffer_set_offset(buffer, (zip_uint64_t)(match - _zip_buffer_data(buffer)));
     }
 
     _zip_buffer_free(buffer);
 
     if (best < 0) {
-        _zip_error_copy(&za->error, &error);
-        _zip_cdir_free(cdir);
-        return NULL;
+	_zip_error_copy(&za->error, &error);
+	_zip_cdir_free(cdir);
+	return NULL;
     }
 
     return cdir;
@@ -654,16 +634,14 @@ _zip_find_central_dir(zip_t *za, zip_uint64_t len)
 
 
 static unsigned char *
-_zip_memmem(const unsigned char *big, size_t biglen, const unsigned char *little, size_t littlelen)
-{
+_zip_memmem(const unsigned char *big, size_t biglen, const unsigned char *little, size_t littlelen) {
     const unsigned char *p;
 
     if ((biglen < littlelen) || (littlelen == 0))
 	return NULL;
-    p = big-1;
-    while ((p=(const unsigned char *)
-	        memchr(p+1, little[0], (size_t)(big-(p+1))+(size_t)(biglen-littlelen)+1)) != NULL) {
-	if (memcmp(p+1, little+1, littlelen-1)==0)
+    p = big - 1;
+    while ((p = (const unsigned char *)memchr(p + 1, little[0], (size_t)(big - (p + 1)) + (size_t)(biglen - littlelen) + 1)) != NULL) {
+	if (memcmp(p + 1, little + 1, littlelen - 1) == 0)
 	    return (unsigned char *)p;
     }
 
@@ -672,8 +650,7 @@ _zip_memmem(const unsigned char *big, size_t biglen, const unsigned char *little
 
 
 static zip_cdir_t *
-_zip_read_eocd(zip_buffer_t *buffer, zip_uint64_t buf_offset, unsigned int flags, zip_error_t *error)
-{
+_zip_read_eocd(zip_buffer_t *buffer, zip_uint64_t buf_offset, unsigned int flags, zip_error_t *error) {
     zip_cdir_t *cd;
     zip_uint64_t i, nentry, size, offset, eocd_offset;
 
@@ -704,23 +681,23 @@ _zip_read_eocd(zip_buffer_t *buffer, zip_uint64_t buf_offset, unsigned int flags
     size = _zip_buffer_get_32(buffer);
     offset = _zip_buffer_get_32(buffer);
 
-    if (offset+size < offset) {
-        zip_error_set(error, ZIP_ER_SEEK, EFBIG);
-        return NULL;
+    if (offset + size < offset) {
+	zip_error_set(error, ZIP_ER_SEEK, EFBIG);
+	return NULL;
     }
 
-    if (offset+size > buf_offset + eocd_offset) {
+    if (offset + size > buf_offset + eocd_offset) {
 	/* cdir spans past EOCD record */
 	zip_error_set(error, ZIP_ER_INCONS, 0);
 	return NULL;
     }
 
-    if ((flags & ZIP_CHECKCONS) && offset+size != buf_offset + eocd_offset) {
+    if ((flags & ZIP_CHECKCONS) && offset + size != buf_offset + eocd_offset) {
 	zip_error_set(error, ZIP_ER_INCONS, 0);
 	return NULL;
     }
 
-    if ((cd=_zip_cdir_new(nentry, error)) == NULL)
+    if ((cd = _zip_cdir_new(nentry, error)) == NULL)
 	return NULL;
 
     cd->is_zip64 = false;
@@ -732,8 +709,7 @@ _zip_read_eocd(zip_buffer_t *buffer, zip_uint64_t buf_offset, unsigned int flags
 
 
 static zip_cdir_t *
-_zip_read_eocd64(zip_source_t *src, zip_buffer_t *buffer, zip_uint64_t buf_offset, unsigned int flags, zip_error_t *error)
-{
+_zip_read_eocd64(zip_source_t *src, zip_buffer_t *buffer, zip_uint64_t buf_offset, unsigned int flags, zip_error_t *error) {
     zip_cdir_t *cd;
     zip_uint64_t offset;
     zip_uint8_t eocd[EOCD64LEN];
@@ -751,8 +727,8 @@ _zip_read_eocd64(zip_source_t *src, zip_buffer_t *buffer, zip_uint64_t buf_offse
     eocd_offset = _zip_buffer_get_64(buffer);
 
     if (eocd_offset > ZIP_INT64_MAX || eocd_offset + EOCD64LEN < eocd_offset) {
-        zip_error_set(error, ZIP_ER_SEEK, EFBIG);
-        return NULL;
+	zip_error_set(error, ZIP_ER_SEEK, EFBIG);
+	return NULL;
     }
 
     if (eocd_offset + EOCD64LEN > eocdloc_offset + buf_offset) {
@@ -761,25 +737,25 @@ _zip_read_eocd64(zip_source_t *src, zip_buffer_t *buffer, zip_uint64_t buf_offse
     }
 
     if (eocd_offset >= buf_offset && eocd_offset + EOCD64LEN <= buf_offset + _zip_buffer_size(buffer)) {
-        _zip_buffer_set_offset(buffer, eocd_offset - buf_offset);
-        free_buffer = false;
+	_zip_buffer_set_offset(buffer, eocd_offset - buf_offset);
+	free_buffer = false;
     }
     else {
-        if (zip_source_seek(src, (zip_int64_t)eocd_offset, SEEK_SET) < 0) {
-            _zip_error_set_from_source(error, src);
-            return NULL;
-        }
-        if ((buffer = _zip_buffer_new_from_source(src, EOCD64LEN, eocd, error)) == NULL) {
-            return NULL;
-        }
-        free_buffer = true;
+	if (zip_source_seek(src, (zip_int64_t)eocd_offset, SEEK_SET) < 0) {
+	    _zip_error_set_from_source(error, src);
+	    return NULL;
+	}
+	if ((buffer = _zip_buffer_new_from_source(src, EOCD64LEN, eocd, error)) == NULL) {
+	    return NULL;
+	}
+	free_buffer = true;
     }
 
     if (memcmp(_zip_buffer_get(buffer, 4), EOCD64_MAGIC, 4) != 0) {
 	zip_error_set(error, ZIP_ER_INCONS, 0);
-        if (free_buffer) {
-            _zip_buffer_free(buffer);
-        }
+	if (free_buffer) {
+	    _zip_buffer_free(buffer);
+	}
 	return NULL;
     }
 
@@ -787,10 +763,10 @@ _zip_read_eocd64(zip_source_t *src, zip_buffer_t *buffer, zip_uint64_t buf_offse
 
     if ((flags & ZIP_CHECKCONS) && size + eocd_offset + 12 != buf_offset + eocdloc_offset) {
 	zip_error_set(error, ZIP_ER_INCONS, 0);
-        if (free_buffer) {
-            _zip_buffer_free(buffer);
-        }
-        return NULL;
+	if (free_buffer) {
+	    _zip_buffer_free(buffer);
+	}
+	return NULL;
     }
 
     _zip_buffer_get(buffer, 4); /* skip version made by/needed */
@@ -809,10 +785,16 @@ _zip_read_eocd64(zip_source_t *src, zip_buffer_t *buffer, zip_uint64_t buf_offse
     }
     if ((flags & ZIP_CHECKCONS) && (eocd_disk != eocd_disk64 || num_disks != num_disks64)) {
 	zip_error_set(error, ZIP_ER_INCONS, 0);
+	if (free_buffer) {
+	    _zip_buffer_free(buffer);
+	}
 	return NULL;
     }
     if (num_disks != 0 || eocd_disk != 0) {
 	zip_error_set(error, ZIP_ER_MULTIDISK, 0);
+	if (free_buffer) {
+	    _zip_buffer_free(buffer);
+	}
 	return NULL;
     }
 
@@ -821,9 +803,9 @@ _zip_read_eocd64(zip_source_t *src, zip_buffer_t *buffer, zip_uint64_t buf_offse
 
     if (nentry != i) {
 	zip_error_set(error, ZIP_ER_MULTIDISK, 0);
-        if (free_buffer) {
-            _zip_buffer_free(buffer);
-        }
+	if (free_buffer) {
+	    _zip_buffer_free(buffer);
+	}
 	return NULL;
     }
 
@@ -831,27 +813,32 @@ _zip_read_eocd64(zip_source_t *src, zip_buffer_t *buffer, zip_uint64_t buf_offse
     offset = _zip_buffer_get_64(buffer);
 
     if (!_zip_buffer_ok(buffer)) {
-        zip_error_set(error, ZIP_ER_INTERNAL, 0);
-        if (free_buffer) {
-            _zip_buffer_free(buffer);
-        }
-        return NULL;
+	zip_error_set(error, ZIP_ER_INTERNAL, 0);
+	if (free_buffer) {
+	    _zip_buffer_free(buffer);
+	}
+	return NULL;
     }
 
     if (free_buffer) {
-        _zip_buffer_free(buffer);
+	_zip_buffer_free(buffer);
     }
 
-    if (offset > ZIP_INT64_MAX || offset+size < offset) {
-        zip_error_set(error, ZIP_ER_SEEK, EFBIG);
-        return NULL;
+    if (offset > ZIP_INT64_MAX || offset + size < offset) {
+	zip_error_set(error, ZIP_ER_SEEK, EFBIG);
+	return NULL;
+    }
+    if (offset + size > buf_offset + eocd_offset) {
+	/* cdir spans past EOCD record */
+	zip_error_set(error, ZIP_ER_INCONS, 0);
+	return NULL;
     }
-    if ((flags & ZIP_CHECKCONS) && offset+size != eocd_offset) {
+    if ((flags & ZIP_CHECKCONS) && offset + size != buf_offset + eocd_offset) {
 	zip_error_set(error, ZIP_ER_INCONS, 0);
 	return NULL;
     }
 
-    if ((cd=_zip_cdir_new(nentry, error)) == NULL)
+    if ((cd = _zip_cdir_new(nentry, error)) == NULL)
 	return NULL;
 
     cd->is_zip64 = true;
-- 
cgit v1.2.3