Author: Christian Grothoff <christian@grothoff.org>
Description: Fix missing 0-terminator on corrupted ZIP files (CVE-2018-16430).
Origin: https://gnunet.org/git/libextractor.git/commit/?id=24c8d489797499c0331f4d1039e357ece1ae98a7

--- a/src/common/unzip.c
+++ b/src/common/unzip.c
@@ -534,11 +534,11 @@
  * @param pfile_info file information to initialize
  * @param pfile_info_internal internal file information to initialize
  * @param szFileName where to write the name of the current file
- * @param fileNameBufferSize number of bytes available in szFileName
+ * @param fileNameBufferSize number of bytes available in @a szFileName
  * @param extraField where to write extra data
  * @param extraFieldBufferSize number of bytes available in extraField 
  * @param szComment where to write the comment on the current file
- * @param commentBufferSize number of bytes available in szComment
+ * @param commentBufferSize number of bytes available in @a szComment
  * @return EXTRACTOR_UNZIP_OK if there is no problem.
  */
 static int 
@@ -664,7 +664,10 @@
 	  uSizeRead = file_info.size_file_comment;
         }
       else
-	uSizeRead = commentBufferSize;
+        {
+          *(szComment+commentBufferSize - 1) = '\0';
+          uSizeRead = commentBufferSize - 1;
+        }
       
       if (0 != lSeek) 
 	{