search

haf / DotNetZip.Semverd

Please use System.IO.Compression! A fork of the DotNetZip project without signing with a solution that compiles cleanly. This project aims to follow semver to avoid versioning conflicts. DotNetZip is a FAST, FREE class library and toolset for manipulating zip files. Use VB, C# or any .NET language to easily create, extract, or update zip files.
Other
545 stars 218 forks source link

increase margin of safety for seek on end of central directory #259

Closed w5922xd closed 2 weeks ago

w5922xd commented 2 years ago

I have several self-extracting zip files (in a .exe format) generated from Winzip that cannot be read within DotNetZip. Typically this is not problematic but through a combination of events the file is unable to be read.

These files have more metadata after the end of the central directory than most. The safety net for seeking to find the EndOfCentralDirectorySignature is not large enough in this case to accurately find the signature, though it is present in the file.

Because the EndOfCentralDirectorySignature is not found we eventually fall back to the ReadIntoInstance_Orig() method. This will check the headers and recognize (correctly) that the file does not begin with ZipDirEntrySignature because it's a .exe type. Here we receive an exception Bad signature (0x00905A4D) at position 0x00000000. If the EndOfCentralDirectorySignature is found then this bad signature exception is never thrown.

This pull request doubles the safety net for finding the end of the central directory signature. In effect, this avoids all downstream effects for this atypical file format. Thanks for your consideration.

w5922xd commented 2 years ago

I also wanted to mention that I suspect issue https://github.com/haf/DotNetZip.Semverd/issues/100 would be solved with this change. The conditions sound very similar though I cannot download the file to confirm.