[libgsf] zip: when zip64 is forced off, don't allow writing beyond 4G.



commit 1cbd8671f5e96714f72af7e68d6350a1f0e37a44
Author: Morten Welinder <terra gnome org>
Date:   Sun Nov 30 12:09:20 2014 -0500

    zip: when zip64 is forced off, don't allow writing beyond 4G.

 ChangeLog             |    5 +++++
 gsf/gsf-outfile-zip.c |   12 ++++++++++++
 2 files changed, 17 insertions(+), 0 deletions(-)
---
diff --git a/ChangeLog b/ChangeLog
index 7b3e08a..6cf8aa0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2014-11-30  Morten Welinder  <terra gnome org>
+
+       * gsf/gsf-outfile-zip.c (gsf_outfile_zip_write): When zip64 is
+       forced off, don't allow writing beyond the 4G barrier.
+
 2014-11-29  Morten Welinder  <terra gnome org>
 
        * gsf/gsf-outfile-zip.c (zip_header_write): Determine if the sink
diff --git a/gsf/gsf-outfile-zip.c b/gsf/gsf-outfile-zip.c
index 97fc71d..2e01982 100644
--- a/gsf/gsf-outfile-zip.c
+++ b/gsf/gsf-outfile-zip.c
@@ -767,6 +767,18 @@ gsf_outfile_zip_write (GsfOutput *output,
                        return FALSE;
 
        dirent = zip->vdir->dirent;
+
+       if (dirent->zip64 == FALSE &&
+           (num_bytes >= G_MAXUINT32 ||
+            gsf_output_tell (output) >= (gsf_off_t)(G_MAXUINT32 - num_bytes))) {
+               /*
+                * Uncompressed size field would overflow.  We do not
+                * have a good way to prevent overflow for the
+                * compressed size.
+                */
+               return FALSE;
+       }
+
        if (zip->compression_method == GSF_ZIP_DEFLATED) {
                zip->stream->next_in  = (unsigned char *) data;
                zip->stream->avail_in = num_bytes;
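Review bot: The new early `return FALSE;` in the zip64-off guard rejects the write without recording a reason on the output, so a caller cannot tell the 4G limit from an ordinary I/O failure; consider setting an error first, e.g. `gsf_output_set_error (output, 0, "zip: member exceeds 4G and zip64 is disabled");` (the message wording is only a suggestion). The comment itself notes that the compressed size stays unguarded: with deflate, incompressible input can grow slightly, so a member just under the limit could presumably still wrap the 32-bit compressed-size field and leave headers that disagree with the stored data. A check at the point where the final compressed size is known (outside this hunk) would close that gap. The comment could also say that the `>=` comparisons are deliberate, since 0xFFFFFFFF is the zip64 sentinel value in the size fields. gsf_outfile_zip_write starts and ends outside the hunk.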

