
ArgumentOutOfRangeException when parsing LNK files with corrupted CommonPathOffset in LinkInfo

Open SteAmeR opened this issue 3 months ago • 0 comments

Description: The library throws ArgumentOutOfRangeException when parsing LNK files with corrupted CommonPathOffset values in the LinkInfo structure. This occurs when the offset value exceeds the actual size of the location data.

  • Steps to Reproduce
  1. Parse an LNK file with a corrupted CommonPathOffset value in LinkInfo structure
  2. Exception is thrown in LnkFile constructor at line 326
  • Stack Trace
System.ArgumentOutOfRangeException: Non-negative number required. (Parameter 'count')
   at System.Text.EncodingNLS.GetString(Byte[] bytes, Int32 index, Int32 count)
   at Lnk.LnkFile..ctor(Byte[] rawBytes, String sourceFile, Int32 codepage) in LnkFile.cs:line 326

  • Root Cause: When commonPathOffset exceeds locationBytes.Length, the code attempts to read beyond the byte array bounds:

CommonPath = CodePagesEncodingProvider.Instance.GetEncoding(codepage)
    .GetString(locationBytes, commonPathOffset, locationBytes.Length - commonPathOffset)
    .Split('\0')
    .First();

This results in a negative count parameter being passed to GetString().

  • Proposed Solution: Validate the offset before attempting to decode the string:

if (locationBytes.Length < commonPathOffset)
{
    CommonPath = String.Empty;
}
else
{
    CommonPath = CodePagesEncodingProvider.Instance.GetEncoding(codepage)
        .GetString(locationBytes, commonPathOffset, locationBytes.Length - commonPathOffset)
        .Split('\0')
        .First();
}

  • Sample File

66c3a8eb1a2a5a9bd93e257c0fadd4922b46f6bfc224ae38de374f0bcf193855.zip

  • WARNING: The attached LNK file contains malicious content and should NOT be executed. It is provided solely for testing and analysis purposes. Handle with appropriate security precautions.

  • Context: This is related to issue #23. The same corrupted LNK file exposes multiple offset validation issues in the LinkInfo parsing logic. Similar validation may be needed for other offset fields.

SteAmeR, Oct 01 '25 18:10
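The issue notes that other LinkInfo offset fields may need the same validation. One way to centralize it is a single bounds-checked reader, shown here as an added example that is not code from the Lnk library or from the issue author. The names `SafeOffsetReader` and `TryReadString` are hypothetical, the sample bytes are constructed, and the helper assumes code-page (non-UTF-16) strings, where a single 0x00 byte terminates the value.

```csharp
using System;
using System.Text;

// Added example: hypothetical helper, not part of the Lnk library.
static class SafeOffsetReader
{
    // Decodes a NUL-terminated string starting at `offset` inside `buffer`.
    // Returns false (and an empty string) when the offset cannot point at data.
    public static bool TryReadString(byte[] buffer, int offset, Encoding encoding, out string value)
    {
        value = string.Empty;

        // Reject negative offsets (a large unsigned field read as Int32)
        // and offsets at or past the end of the buffer.
        if (buffer == null || offset < 0 || offset >= buffer.Length)
            return false;

        // Stop at the first NUL; an unterminated string runs to the end of the buffer.
        int end = Array.IndexOf(buffer, (byte)0, offset);
        if (end < 0)
            end = buffer.Length;

        // The count is now always in [0, buffer.Length - offset].
        value = encoding.GetString(buffer, offset, end - offset);
        return true;
    }

    static void Main()
    {
        // Constructed sample: 4 bytes of padding followed by "C:\Temp" and a NUL.
        byte[] locationBytes =
        {
            0, 0, 0, 0,
            (byte)'C', (byte)':', (byte)'\\', (byte)'T', (byte)'e', (byte)'m', (byte)'p', 0
        };

        // Constructed offsets: one valid, then three a corrupted file could carry.
        int[] offsets = { 4, locationBytes.Length, int.MaxValue, -1 };

        foreach (int offset in offsets)
        {
            bool ok = TryReadString(locationBytes, offset, Encoding.ASCII, out string path);
            Console.WriteLine($"offset={offset} ok={ok} value=\"{path}\"");
        }
    }
}
```

Only the first offset decodes a path; the other three return false with an empty string instead of throwing, and the boolean lets a caller record that the field was corrupt rather than silently treating it as empty.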