UZIP.parse goes into an infinite loop if the data is not a valid zip file

photopea / UZIP.js

Simple ZIPping library for Javascript

MIT License

187 stars 27 forks source link

UZIP.parse goes into an infinite loop if the data is not a valid zip file #14

Closed szydlovski closed 3 years ago

szydlovski commented 3 years ago

const uzip = require('uzip');
const data = new ArrayBuffer();
const parsed = uzip.parse(data);

When executed, this code appears to go into an infinite loop. No errors are thrown. Is this expected behavior?

photopea commented 3 years ago

Hi, we do not have any system for reporting errors in compressed data. If you give UZIP.js an invalid ZIP file, it is not guaranteed to do any meaningful work.

If we did any compressed data validation, I am afraid that our code would be 2x bigger and 2x slower.

szydlovski commented 3 years ago

So is there no way to make sure that parse won't just hang forever for a given input? Doing meaningful work is one but going into an infinite loop is another.

photopea commented 3 years ago

We could add something like:

if(data.length==0) throw "invalid input";

but there still will be many invalid inputs, for which UZIP could do infinite loops.

szydlovski commented 3 years ago

I understand, thank you for responding!