Avoid integer overflow. Addresses CVE-2015-2331. Fixed similarly to patch used in PHP copy of libzip: https://github.com/php/php-src/commit/ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5 Thanks to Emmanuel Law <emmanuel.law@gmail.com> for the notification about the bug.