Fix overflow in search_tree_size

Also, add guards to follow-up calculations to error if they overflow.

Closes #335.

Changes.md

@@ -1,3 +1,9 @@
+## 1.8.1
+
+* On very large databases, the calculation to determine the search tree
+  size could overflow. This was fixed and several additional guards
+  against overflows were added. Reported by Sami Salonen. GitHub #335.
+
 ## 1.8.0 - 2023-11-07
 
 * `PACKAGE_VERSION` is now a private compile definition when building

src/maxminddb.c

@@ -289,18 +289,27 @@ int MMDB_open(const char *const filename, uint32_t flags, MMDB_s *const mmdb) {
         goto cleanup;
     }
 
-    uint32_t search_tree_size =
-        mmdb->metadata.node_count * mmdb->full_record_byte_size;
+    ssize_t search_tree_size = (ssize_t)mmdb->metadata.node_count *
+                               (ssize_t)mmdb->full_record_byte_size;
+    if (search_tree_size <= 0 || search_tree_size / mmdb->metadata.node_count !=
+                                     mmdb->full_record_byte_size) {
+        status = MMDB_INVALID_METADATA_ERROR;
+        goto cleanup;
+    }
 
     mmdb->data_section =
         mmdb->file_content + search_tree_size + MMDB_DATA_SECTION_SEPARATOR;
-    if (search_tree_size + MMDB_DATA_SECTION_SEPARATOR >
-        (uint32_t)mmdb->file_size) {
+    if (search_tree_size + MMDB_DATA_SECTION_SEPARATOR > mmdb->file_size) {
+        status = MMDB_INVALID_METADATA_ERROR;
+        goto cleanup;
+    }
+    ssize_t data_section_size =
+        mmdb->file_size - search_tree_size - MMDB_DATA_SECTION_SEPARATOR;
+    if (data_section_size > UINT32_MAX || data_section_size <= 0) {
         status = MMDB_INVALID_METADATA_ERROR;
         goto cleanup;
     }
-    mmdb->data_section_size = (uint32_t)mmdb->file_size - search_tree_size -
-                              MMDB_DATA_SECTION_SEPARATOR;
+    mmdb->data_section_size = (uint32_t)data_section_size;
 
     // Although it is likely not possible to construct a database with valid
     // valid metadata, as parsed above, and a data_section_size less than 3,