fuzz-27547: fix integer overflow

Fixes a minor integer overflow report by oss-fuzz in the PE petite
packed file parser.

libclamav/petite.c

@@ -85,7 +85,7 @@ int petite_inflate2x_1to9(char *buf, uint32_t minrva, uint32_t bufsz, struct cli
     void *tmpsct                   = NULL;
 
     /*
-    -] The real thing [-
+     * -] The real thing [-
      */
 
     /* NOTE: (435063->4350a5) Petite kernel32!imports and error strings */
@@ -242,10 +242,10 @@ int petite_inflate2x_1to9(char *buf, uint32_t minrva, uint32_t bufsz, struct cli
         if (srva != size) { /* Test and clear bit 31 */
             check4resources = 0;
             /*
-	Enumerates each petite data section
+             * Enumerates each petite data section
-	I should get here once ot twice:
+             * I should get here once or twice:
-	- 1 time for the resource section (if present)
+             * - 1 time for the resource section (if present)
-	- 1 time for the all_the_rest section
+             * - 1 time for the all_the_rest section
              */
 
             if (!CLI_ISCONTAINED(buf, bufsz, packed + 4, 8)) {
@@ -254,7 +254,14 @@ int petite_inflate2x_1to9(char *buf, uint32_t minrva, uint32_t bufsz, struct cli
                 return 1;
             }
             /* Save the end of current packed section for later use */
-            bottom = cli_readint32(packed + 8) + 4;
+            bottom = (uint32_t)cli_readint32(packed + 8);
+            if (bottom > UINT32_MAX - 4) {
+                /* bottom is too large, would cause integer overflow */
+                if (usects)
+                    free(usects);
+                return 1;
+            }
+            bottom += 4;
             ssrc   = adjbuf + cli_readint32(packed + 4) - (size - 1) * 4;
             ddst   = adjbuf + cli_readint32(packed + 8) - (size - 1) * 4;