gildas-lormeau / zip.js

JavaScript library to zip and unzip files supporting multi-core compression, compression streams, zip64, split files and encryption.
https://gildas-lormeau.github.io/zip.js
BSD 3-Clause "New" or "Revised" License
3.39k stars 510 forks

Fix corrupt zips for certain inputs #302

Closed skollmann closed 2 years ago

skollmann commented 2 years ago

This is applying the fix for https://github.com/ymnk/jzlib/issues/9 from https://github.com/ymnk/jzlib/commit/8b205d660d37503f71d4b1bbbc9779925ed14e8d.

This bug was introduced when zlib (written in C) was incorrectly ported to jzlib (in Java), which was later ported to zip.js. Equivalent line in zlib: https://github.com/madler/zlib/blob/cacf7f1d4e3d44d871b605da3b647f07d718623f/deflate.c#L340 (in C, adding a number to a pointer adds sizeof(type) many bytes).

We are using an older version of zip.js and were hit by this bug for some rare inputs. The bug causes the corresponding zip entries to get corrupted and truncated because the range in pending_buf used as output buffer overlaps with the range used for distances for certain input patterns (when that.pending >= d_buf + lx*2).
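The porting pitfall described in the comment above, modelled as an added JavaScript example (not code from zip.js, jzlib or zlib): an offset added to a C pointer is scaled by the element size, while the same number reused as an index into a byte array is not, so the distance region starts too early and the output bytes run into it. Only `pending`, `d_buf`, `lx`, `pending_buf` and the overlap condition come from the comment; the 16-bit element size, the helper names, the buffer size and the sample values are assumptions constructed for the illustration.

```javascript
// Added illustration; not code from zip.js, jzlib or zlib.
// Assumption: the C pointer has 16-bit elements, matching the 2-byte
// distance entries implied by "lx*2" in the comment above.
const ELEM_SIZE = 2;

// C semantics: (uint16_t *)base + n advances n * sizeof(uint16_t) bytes.
function scaledByteOffset(n) {
  return n * ELEM_SIZE;
}

// Literal port: the same n reused as an index into a byte array.
function literalByteOffset(n) {
  return n;
}

// Overlap condition quoted in the PR description.
function outputOverlapsDistances(pending, d_buf, lx) {
  return pending >= d_buf + lx * 2;
}

// Store `count` 2-byte distance entries at d_buf, then emit `pending`
// output bytes from index 0 of the same buffer, as a shared pending_buf
// does. Returns the indexes of the entries that were overwritten.
function clobberedEntries(d_buf, count, pending, bufSize = 64) {
  const pending_buf = new Uint8Array(bufSize);
  const expected = [];
  for (let lx = 0; lx < count; lx++) {
    const dist = 0x1001 + lx; // constructed sample distances
    expected.push(dist);
    pending_buf[d_buf + lx * 2] = dist >>> 8;
    pending_buf[d_buf + lx * 2 + 1] = dist & 0xff;
  }
  for (let i = 0; i < pending; i++) pending_buf[i] = 0xee; // output bytes
  const damaged = [];
  for (let lx = 0; lx < count; lx++) {
    const at = d_buf + lx * 2;
    const got = (pending_buf[at] << 8) | pending_buf[at + 1];
    if (got !== expected[lx]) damaged.push(lx);
  }
  return damaged;
}

// Constructed scenario: offset of 8 elements, 4 entries, 12 output bytes.
const N = 8;
console.log("literal port:", clobberedEntries(literalByteOffset(N), 4, 12));
console.log("scaled port: ", clobberedEntries(scaledByteOffset(N), 4, 12));
```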

skollmann commented 2 years ago

I also submitted a PR with a (IMHO) cleaner variant of this fix: https://github.com/gildas-lormeau/zip.js/pull/303

gildas-lormeau commented 2 years ago

I'm closing this PR since #303 has been merged to master.