René Scharfe:
> The offset is declared as unsigned int, so will wrap on most platforms before reaching the clamp check. At least InfoZIP's unzip can handle that, but it's untidy.

Right, that needs to be changed into unsigned long and clamped, just like the original and compressed file sizes already are.

> The offset is only needed in the ZIP64 extra record for the central header (in zip_dir) -- the local header has no offset field.

The zip64 local header does have an offset field, though. I thought that was the zip_offset value, but that doesn't make sense; I'm not quite sure what it is supposed to store. I need to investigate that further, I assume.
-- \\// Peter - http://www.softwolves.pp.se/
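
The wrap-before-clamp problem discussed in this message, as an added example that is not part of the thread or of the code under review. All names are hypothetical, the fixed-width types stand in for a 32-bit unsigned int and the wider replacement, and the sample sizes are constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define ZIP32_MAX 0xffffffffULL  /* marker: real value is in the ZIP64 extra record */

struct cd_offset {
	uint32_t field32;  /* 32-bit offset field of the central header */
	int zip64;         /* nonzero: a ZIP64 extra record must carry the offset */
	uint64_t field64;  /* offset stored in that record (0 if unused) */
};

/* The clamp check, applied to the running archive offset. */
static struct cd_offset clamp_offset(uint64_t offset)
{
	struct cd_offset f;
	f.zip64 = offset >= ZIP32_MAX;
	f.field32 = f.zip64 ? (uint32_t)ZIP32_MAX : (uint32_t)offset;
	f.field64 = f.zip64 ? offset : 0;
	return f;
}

/* Before: uint32_t models unsigned int where it is 32 bits wide.
 * The sum wraps modulo 2^32, so the clamp never sees a large value. */
static struct cd_offset offset_wrapping(const uint64_t *sizes, size_t n)
{
	uint32_t offset = 0;
	for (size_t i = 0; i < n; i++)
		offset += (uint32_t)sizes[i];
	return clamp_offset(offset);
}

/* After: a 64-bit accumulator reaches the clamp check intact. */
static struct cd_offset offset_wide(const uint64_t *sizes, size_t n)
{
	uint64_t offset = 0;
	for (size_t i = 0; i < n; i++)
		offset += sizes[i];
	return clamp_offset(offset);
}

/* Constructed sample: bytes written before the entry being recorded. */
static const uint64_t sample_sizes[] = { 0xc0000000ULL, 0x50000000ULL, 0x1000ULL };

int main(void)
{
	struct cd_offset a = offset_wrapping(sample_sizes, 3), b = offset_wide(sample_sizes, 3);
	printf("wrapping: 0x%08x zip64=%d\nwide: 0x%08x zip64=%d extra=0x%llx\n", (unsigned)a.field32,
	       a.zip64, (unsigned)b.field32, b.zip64, (unsigned long long)b.field64);
	return 0;
}
```

With the wrapping accumulator the central header silently records a small, wrong offset and no ZIP64 record is requested; with the wide one the 32-bit field is clamped and the true offset goes into the extra record.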