search

dotnet / runtime

.NET is a cross-platform runtime for cloud, mobile, desktop, and IoT apps.
https://docs.microsoft.com/dotnet/core/
MIT License
15.17k stars 4.72k forks source link

IndexOutOfRangeException in System.IO.Compression.ZipArchive #109167

Open peter15914 opened 4 hours ago

peter15914 commented 4 hours ago

Description

An IndexOutOfRangeException exception is thrown when invalid zip file is opened with ZipArchive.

Reproduction Steps

using System.IO.Compression;

Stream file = File.OpenRead("ZipArchive_IndexOutOfRangeException_001.zip");
MemoryStream stream = new MemoryStream();
file.CopyTo(stream);

using var archive = new ZipArchive(stream, ZipArchiveMode.Read);
foreach (var entry in archive.Entries)
{
    using var source = entry.Open();
    using var destination = new MemoryStream();
    source.CopyTo(destination);
}

With "ZipArchive_IndexOutOfRangeException_001.zip" index is invalid in HuffmanTree.c:260: array[index] = (short)ch;

With "ZipArchive_IndexOutOfRangeException_002.zip" index is invalid in HuffmanTree.c:220: short value = array[index];

ZipArchive_IndexOutOfRangeException_001.zip ZipArchive_IndexOutOfRangeException_002.zip

Expected behavior

InvalidDataException is thrown.

Actual behavior

IndexOutOfRangeException is thrown.

Regression?

No response

Known Workarounds

No response

Configuration

No response

Other information

No response

dotnet-policy-service[bot] commented 4 hours ago

Tagging subscribers to this area: @dotnet/area-system-io-compression See info in area-owners.md if you want to be subscribed.