Found panic in rc-zip-sync/src/read_zip.rs:214 while fuzzing #102

Open
PigeonF opened this issue Feb 14, 2025 · 0 comments
Comments


PigeonF commented Feb 14, 2025

Describe the bug

After watching your video about sans-io I wanted to take a look at the implementation of the rc-zip crates. Seeing that you have added fuzzing support, I thought to run the fuzzer on the latest version of the code (8a09a9d7d70757c0ca1c084c2be5d34ae0038a58 at the time of writing).

The fuzzer produced a crashing input for rc-zip-sync/src/read_zip.rs:214.

To Reproduce

$ mkdir -p fuzz/artifacts/no_panic
$ echo "UAoGUFBLBgcGBgZGBgZQ0SbQUFDQSwVQUEsFBtFlZf///////wAAAAAAAAAAACQ=" | base64 -d > fuzz/artifacts/no_panic/crash-7bc4fbe51eb6a77c6a8996e7d2d47ad1e44727b6
$ cargo +nightly fuzz run no_panic fuzz/artifacts/no_panic/crash-7bc4fbe51eb6a77c6a8996e7d2d47ad1e44727b6
    Finished `release` profile [optimized + debuginfo] target(s) in 0.05s
    Finished `release` profile [optimized + debuginfo] target(s) in 0.05s
     Running `fuzz/target/x86_64-unknown-linux-gnu/release/no_panic -artifact_prefix=/home/pigeonf/reading/rc-zip/fuzz/artifacts/no_panic/ fuzz/artifacts/no_panic/crash-7bc4fbe51eb6a77c6a8996e7d2d47ad1e44727b6`
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 1946761
INFO: Loaded 1 modules   (126305 inline 8-bit counters): 126305 [0x5592a147a200, 0x5592a1498f61),
INFO: Loaded 1 PC tables (126305 PCs): 126305 [0x5592a1498f68,0x5592a1686578),
fuzz/target/x86_64-unknown-linux-gnu/release/no_panic: Running 1 inputs 1 time(s) each.
Running: fuzz/artifacts/no_panic/crash-7bc4fbe51eb6a77c6a8996e7d2d47ad1e44727b6

thread '<unnamed>' panicked at /home/pigeonf/reading/rc-zip/rc-zip-sync/src/read_zip.rs:214:14:
range start index 5787354386310104582 out of range for slice of length 47

Additional context

$ cargo +nightly --version
cargo 1.86.0-nightly (2928e3273 2025-02-07)
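Added example (not rc-zip's code and not a reconstruction of read_zip.rs:214): the panic message above, "range start index 5787354386310104582 out of range for slice of length 47", is the signature of an offset read from the archive being used to index a buffer without a bounds check. The model below reproduces that bug class in a minimal form and shows the hardened version beside it. The record layout (an 8-byte little-endian offset at the end of a 47-byte buffer), the function names and the error type are all assumptions made for the illustration; the sample input is constructed here and is not the reporter's crash file.

```rust
use std::convert::{TryFrom, TryInto};

/// Errors the hardened parser reports instead of panicking.
#[derive(Debug, PartialEq)]
enum ParseError {
    /// Fewer bytes than the record needs.
    Truncated,
    /// The file-supplied offset points past the data we hold.
    OffsetOutOfRange { offset: u64, len: usize },
}

/// Read a little-endian u64 at `pos`; None if the 8 bytes are not all present.
/// checked_add guards the `pos + 8` arithmetic, slice::get guards the read.
fn le_u64(buf: &[u8], pos: usize) -> Option<u64> {
    let end = pos.checked_add(8)?;
    let bytes = buf.get(pos..end)?;
    Some(u64::from_le_bytes(bytes.try_into().ok()?))
}

/// Naive version of the bug class (assumed layout, not rc-zip's): the last
/// 8 bytes of the input are treated as a directory offset and used to slice
/// the buffer directly. An attacker who controls that field gets
/// "range start index N out of range for slice of length L", i.e. a panic
/// (denial of service) on a crafted archive.
fn naive_directory_slice(buf: &[u8]) -> &[u8] {
    let field = &buf[buf.len() - 8..];
    let offset = u64::from_le_bytes(field.try_into().unwrap()) as usize;
    &buf[offset..]
}

/// Hardened version: every input-derived index passes through checked
/// arithmetic or slice::get, and failure becomes a Result the caller handles.
fn checked_directory_slice(buf: &[u8]) -> Result<&[u8], ParseError> {
    let field_pos = buf.len().checked_sub(8).ok_or(ParseError::Truncated)?;
    let offset = le_u64(buf, field_pos).ok_or(ParseError::Truncated)?;
    let out_of_range = || ParseError::OffsetOutOfRange { offset, len: buf.len() };
    // u64 -> usize can fail on 32-bit targets; treat that as out of range too.
    let start = usize::try_from(offset).map_err(|_| out_of_range())?;
    buf.get(start..).ok_or_else(out_of_range)
}

/// Constructed 47-byte input (same length as the reporter's crash file, but
/// not that file): 39 filler bytes followed by a little-endian u64 offset.
fn sample_input(offset: u64) -> Vec<u8> {
    let mut buf = vec![0x50u8; 39];
    buf.extend_from_slice(&offset.to_le_bytes());
    buf
}

fn main() {
    let good = sample_input(10);
    println!("checked, in range: {:?}", checked_directory_slice(&good).map(|s| s.len()));

    let bad = sample_input(0x5050_5050_5050_5050);
    println!("checked, crafted offset: {:?}", checked_directory_slice(&bad));
    // The naive parser panics on the same bytes, exactly like the report.
    let panicked = std::panic::catch_unwind(|| naive_directory_slice(&bad).len()).is_err();
    println!("naive parser panicked: {panicked}");
}
```

The point for triage: in safe Rust an out-of-range slice is a panic rather than a memory-safety bug, so the impact is a crash (denial of service) in any service that unpacks untrusted archives, not code execution. The fix pattern is the same everywhere in a parser: any index or length that comes from the file goes through `get`, `checked_*` arithmetic or `try_from`, and the `no_panic` fuzz target is the regression test that it stays that way.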