Merge pull request #842 from cushon/zip64

Move cenSize check after reading the zip64 eocd
classgraph · Apr 4, 2024 · 8a14a6f · 8a14a6f
2 parents 99a97f1 + 1aab2d4
commit 8a14a6f
Showing 1 changed file with 5 additions and 4 deletions.
diff --git a/src/main/java/nonapi/io/github/classgraph/fastzipfilereader/LogicalZipFile.java b/src/main/java/nonapi/io/github/classgraph/fastzipfilereader/LogicalZipFile.java
@@ -486,10 +486,6 @@ private void readCentralDirectory(final NestedJarHandler nestedJarHandler, final
             throw new IOException("Multi-disk jarfiles not supported: " + getPath());
         }
         long cenSize = reader.readUnsignedInt(eocdPos + 12);
-        if (cenSize > eocdPos) {
-            throw new IOException(
-                    "Central directory size out of range: " + cenSize + " vs. " + eocdPos + ": " + getPath());
-        }
         long cenOff = reader.readUnsignedInt(eocdPos + 16);
         long cenPos = eocdPos - cenSize;
 
@@ -536,6 +532,11 @@ private void readCentralDirectory(final NestedJarHandler nestedJarHandler, final
             }
         }
 
+        if (cenSize > eocdPos) {
+            throw new IOException(
+                    "Central directory size out of range: " + cenSize + " vs. " + eocdPos + ": " + getPath());
+        }
+
         // Get offset of first local file header
         final long locPos = cenPos - cenOff;
         if (locPos < 0) {