From 52145d7c0495fc2ee034ee597c23f9cbe53ed26f Mon Sep 17 00:00:00 2001
From: lifegpc
Date: Sun, 12 Apr 2026 00:29:11 +0800
Subject: [PATCH] Fix some overflow problem
---
 src/scripts/circus/archive/dat.rs | 2 +-
 src/scripts/circus/archive/pck.rs | 7 ++++++-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/scripts/circus/archive/dat.rs b/src/scripts/circus/archive/dat.rs
index 1f70178..0693c2f 100644
--- a/src/scripts/circus/archive/dat.rs
+++ b/src/scripts/circus/archive/dat.rs
@@ -354,7 +354,7 @@ fn is_this_format_name_len(buf: &[u8], name_len: usize) -> Result {
 }
 let first_size = reader.cpeek_u32_at(name_len as u64)?;
 let second_offset = reader.cpeek_u32_at(8 + name_len as u64 * 2)?;
- if second_offset - next_offset == first_size {
+ if second_offset < next_offset || second_offset - next_offset == first_size {
 return Err(anyhow::anyhow!("Invalid second_offset in DAT archive"));
 }
 for i in 0..mcount {
diff --git a/src/scripts/circus/archive/pck.rs b/src/scripts/circus/archive/pck.rs
index 73515bc..9ccf4d1 100644
--- a/src/scripts/circus/archive/pck.rs
+++ b/src/scripts/circus/archive/pck.rs
@@ -480,7 +480,12 @@ pub fn is_this_format(buf: &[u8]) -> Result {
 while index < avail_count {
 let off = reader.read_u32()?;
 let size = reader.read_u32()?;
- if off < prev_off || prev_off + prev_size != off {
+ if off < prev_off
+ || prev_off
+ .checked_add(prev_size)
+ .ok_or_else(|| anyhow::anyhow!("Overflow in offset calculation"))?
+ != off
+ {
 return Err(anyhow::anyhow!("Invalid offset."));
 }
 prev_off = off;
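Review bot: The new `second_offset < next_offset` guard keeps the u32 subtraction from panicking under default debug overflow checks or silently wrapping in release, but it is written as a bare comparison while the pck.rs hunk of the same commit uses checked arithmetic, and it folds "second offset goes backwards" and the size-mismatch case into the single message `Invalid second_offset in DAT archive`. The same rejection in checked form, `if second_offset.checked_sub(next_offset).map_or(true, |gap| gap == first_size) {`, is one line, preserves the behaviour of the new code, and reads consistently with the other file. Rejecting the archive when the gap is exactly `first_size` is pre-existing logic the commit does not touch; because that case reads like the success case, a short comment on the line stating why an exact match is invalid would help the next reader (I cannot tell the reason from the hunk). `is_this_format_name_len` starts and ends outside the hunk.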
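Review bot: The `checked_add(...).ok_or_else(...)?` chain propagates an overflow of `prev_off + prev_size` as its own error instead of reaching the `Invalid offset.` rejection on the next line, although for a format probe an offset table whose entries overflow u32 is just another malformed input; the whole six-line condition can be `if prev_off.checked_add(prev_size) != Some(off) {`, which is behaviourally the same apart from the error text. That form also shows that the separate `off < prev_off` test is redundant, in the new code as well: an `off` that equals `prev_off + prev_size` cannot be below `prev_off`, and any other `off` already fails the equality. Keep the current shape only if the distinct "Overflow in offset calculation" message is wanted by callers. If `off + size` is later compared against the buffer length, the same wrapping concern applies there; that code, like the start and end of `is_this_format`, is outside the hunk.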