Commit bae86fd27 for clamav.net

commit bae86fd27282292f23457738273522e4d9176515
Author: Val S. <mx.val@icloud.com>
Date:   Mon Sep 15 18:01:03 2025 -0400

    ZIP: Fix possible leak (#1568)

    Fix a possible memory leak in the overlapping files detecting logic.
    The issue is that cleanup for the zip catalogue allocated by this
    function only happens if the status is not CL_SUCCESS.

    My fix uses a better pattern to ensure we don't override a format error
    with a "clean" result when adding the heuristic alert.

    Fixes: https://issues.oss-fuzz.com/issues/376723678

    CLAM-2857

diff --git a/libclamav/unzip.c b/libclamav/unzip.c
index ae4c55c36..a9f7242f9 100644
--- a/libclamav/unzip.c
+++ b/libclamav/unzip.c
@@ -1154,11 +1154,15 @@ cl_error_t index_the_central_directory(
                     cli_dbgmsg("    current file start: %u\n", curr_record->local_header_offset);

                     if (ZIP_MAX_NUM_OVERLAPPING_FILES < num_overlapping_files) {
+                        status = CL_EFORMAT;
+
                         if (SCAN_HEURISTICS) {
-                            status = cli_append_potentially_unwanted(ctx, "Heuristics.Zip.OverlappingFiles");
-                        } else {
-                            status = CL_EFORMAT;
+                            ret = cli_append_potentially_unwanted(ctx, "Heuristics.Zip.OverlappingFiles");
+                            if (CL_SUCCESS != ret) {
+                                status = ret;
+                            }
                         }
+
                         goto done;
                     }
                 }
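Review bot: The new `status = CL_EFORMAT;` at the top of the overlap-limit branch carries the whole fix, but nothing says why it must come before the heuristic call. Per the commit description, the catalogue is only released at `done` when status is not CL_SUCCESS, and `cli_append_potentially_unwanted()` can evidently return CL_SUCCESS, so a later tidy-up that moves the assignment back into an `else` would reintroduce the leak. I would add `/* Must not leave with CL_SUCCESS: the catalogue is only freed at done on a non-success status, and the alert call may return CL_SUCCESS. */` above it. The `done` label and the declaration of `ret` are outside the hunk, so the cleanup condition is taken from the description rather than from visible lines; it is also worth confirming that callers handle CL_EFORMAT from this path without discarding the recorded heuristic alert.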