You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Entry header offsets are not checked for validity before trying to seek to them in the stream. Invalid offsets (i.e. <0) cause InvalidArgumentExceptions to be thrown from inside System.IO code, which are not caught in the existing ZipException handlers. They bubble up and cause the entire archive to fail validation with a cryptic "The parameter is incorrect - {filename}" message.
Reproduction Code
using ICSharpCode.SharpZipLib.Zip;
namespace TestArchive
{
internal class Program
{
static void Main(string[] args)
{
string zipPath = @"C:\temp\test.zip";
using var stream = System.IO.File.OpenRead(zipPath);
using var zip = new ZipFile(stream);
bool isValid = zip.TestArchive(false, TestStrategy.FindAllErrors, ZipTestResultHandler);
if (!isValid)
{
throw new ArgumentException("Zip file is invalid!");
}
}
static void ZipTestResultHandler(TestStatus status, string message)
{
if (status.Entry != null && !status.EntryValid && !string.IsNullOrEmpty(message))
{
Console.WriteLine(status.Entry.ZipFileIndex + ": " + status.Entry.Name);
Console.WriteLine(message);
}
}
}
}
Steps to reproduce
Get a zip file with an entry whose Offset is negative (this is generally an invalid state and I don't know how to create one like this)
Call TestArchive() and pass in a ZipTestResultHandler to get the test results
Expected behavior
I expect each individual entry with an invalid offset/header to be reported on (assuming TestStrategy.FindAllErrors is specified)
Describe the bug
Entry header offsets are not checked for validity before trying to seek to them in the stream. Invalid offsets (i.e. <0) cause InvalidArgumentExceptions to be thrown from inside System.IO code, which are not caught in the existing ZipException handlers. They bubble up and cause the entire archive to fail validation with a cryptic "The parameter is incorrect - {filename}" message.
Reproduction Code
Steps to reproduce
Expected behavior
I expect each individual entry with an invalid offset/header to be reported on (assuming
TestStrategy.FindAllErrors
is specified)Operating System
Windows
Framework Version
Other
Tags
ZIP
Additional context
entry.Offset
not being checked for > 0: https://github.com/icsharpcode/SharpZipLib/blob/master/src/ICSharpCode.SharpZipLib/Zip/ZipFile.cs#L1184Where the InvalidArgumentException from deep in System.IO gets caught outside the while loop (additional entries are not tested): https://github.com/icsharpcode/SharpZipLib/blob/master/src/ICSharpCode.SharpZipLib/Zip/ZipFile.cs#L1144
The text was updated successfully, but these errors were encountered: