gh-51067: Bound _validate_local_file_entry to the scanned gap

Without this check a stale local header whose compress_size points past
the next referenced entry would make _validate_local_file_entry_sequence
report more strippable bytes than the gap holds.  The move loop would
then over-advance entry_offset, drive a later header_offset negative,
and fail in fp.seek() with the archive partially rewritten.

Author: gpshead

Lib/zipfile/__init__.py

@@ -1696,13 +1696,20 @@ def _validate_local_file_entry(self, fp, offset, end_offset):
 
             zinfo.CRC, zinfo.compress_size, zinfo.file_size, dd_size = dd
 
-        return (
+        entry_size = (
             sizeFileHeader +
             fheader[_FH_FILENAME_LENGTH] + fheader[_FH_EXTRA_FIELD_LENGTH] +
             zinfo.compress_size +
             dd_size
         )
 
+        # Treat as a false positive if the entry would extend past end_offset,
+        # so callers never strip more bytes than the gap actually holds.
+        if offset + entry_size > end_offset:
+            return None
+
+        return entry_size
+
     def _read_local_file_header(self, fp):
         fheader = fp.read(sizeFileHeader)
         if len(fheader) != sizeFileHeader: