Add a checker for signature boundary in verifier

The 'signature_start' variable marks the location of the signature
from the end of a zip archive. And a boundary check is missing where
'signature_start' should be within the EOCD comment field. This causes
problems when sideloading a malicious package. Also add a corresponding
test.

Bug: 31914369
Test: Verification fails correctly when sideloading recovery_test.zip on
angler.

Change-Id: I6ea96bf04dac5d8d4d6719e678d504f957b4d5c1
diff --git a/tests/component/verifier_test.cpp b/tests/component/verifier_test.cpp
index 33aadb3..8d8b461 100644
--- a/tests/component/verifier_test.cpp
+++ b/tests/component/verifier_test.cpp
@@ -155,4 +155,5 @@
             std::vector<std::string>({"random.zip", "v1"}),
             std::vector<std::string>({"fake-eocd.zip", "v1"}),
             std::vector<std::string>({"alter-metadata.zip", "v1"}),
-            std::vector<std::string>({"alter-footer.zip", "v1"})));
+            std::vector<std::string>({"alter-footer.zip", "v1"}),
+            std::vector<std::string>({"signature-boundary.zip", "v1"})));
diff --git a/tests/testdata/signature-boundary.zip b/tests/testdata/signature-boundary.zip
new file mode 100644
index 0000000..64a3cfa
--- /dev/null
+++ b/tests/testdata/signature-boundary.zip
Binary files differ
diff --git a/verifier.cpp b/verifier.cpp
index 44098f7..8245486 100644
--- a/verifier.cpp
+++ b/verifier.cpp
@@ -147,6 +147,12 @@
     LOG(INFO) << "comment is " << comment_size << " bytes; signature is " << signature_start
               << " bytes from end";
 
+    if (signature_start > comment_size) {
+        LOG(ERROR) << "signature start: " << signature_start << " is larger than comment size: "
+                   << comment_size;
+        return VERIFY_FAILURE;
+    }
+
     if (signature_start <= FOOTER_SIZE) {
         LOG(ERROR) << "Signature start is in the footer";
         return VERIFY_FAILURE;