zlib-ng / minizip-ng

Fork of the popular zip manipulation library found in the zlib distribution.

ignore number_entry_cd #827

Closed Coeur closed 5 days ago

Coeur commented 1 week ago

Fix #822.

I opted for ignoring number_entry_cd instead of attempting to recover cd because the cd recovery method doesn't work when the split_stream isn't configured. mz_zip_recover_cd is going to use mz_stream_os_tell instead of mz_stream_split_tell and recovery will fail.

An alternative to my fix would be:

  1. First to add zip->recover = 1 inside unzOpen_MZ,
  2. and second to add some split_stream support inside unzOpen_MZ ... which I don't know how to do.

(If you know how to add split_stream support to unzOpen_MZ, then feel free to supersede my fix with yours.)

Although, in my opinion, the streaming mode ignores CD, so why bother verifying if number_entry_cd is valid?

nmoinvaz commented 1 week ago

I will need some time to think about this.

Coeur commented 1 week ago

On a note, the sample archive that we're trying to open was shared 6 years ago here: https://github.com/ZipArchive/ZipArchive/issues/478 And there is no context where it came from or what tool was used to make it. @LiuDeng can you tell us where that Books.zip is from, or how it was built? What is the normal app to open that book?

[edit: I don't really expect LiuDeng to answer, as their last activity on GitHub seems to be around 2020 (https://github.com/LiuDeng?tab=repositories)]

Coeur commented 6 days ago

@nmoinvaz I've improved the logic to only skip number_entry_cd when recover is true. And I've added a minimal test file in the fuzz folder.