http://cvs.php.net/viewvc.cgi/php-src/ext/zip/zip_stream.c?r1=1.1.2.2&r2=1.1.2.3&pathrev=PHP_5_2&view=patch
--- old/ext/zip/zip_stream.c	2006/11/12 00:41:16	1.1.2.2
+++ new/ext/zip/zip_stream.c	2006/12/23 23:28:39	1.1.2.3
@@ -153,7 +153,7 @@
 
 	char *file_basename;
 	size_t file_basename_len;
-	char file_dirname[MAXPATHLEN+1];
+	char file_dirname[MAXPATHLEN];
 
 	struct zip *za;
 	struct zip_file *zf = NULL;
@@ -179,15 +179,15 @@
 		return NULL;
 	}
 	path_len = strlen(path);
+	if (path_len >= MAXPATHLEN || mode[0] != 'r') {
+		return NULL;
+	}
 
 	memcpy(file_dirname, path, path_len - fragment_len);
 	file_dirname[path_len - fragment_len] = '\0';
 
 	php_basename(path, path_len - fragment_len, NULL, 0, &file_basename, &file_basename_len TSRMLS_CC);
 	fragment++;
-	if (mode[0] != 'r') {
-		return NULL;
-	}
 
 	za = zip_open(file_dirname, ZIP_CREATE, &err);
 	if (za) {