try a new agent config

Handle vendor-specific and malformed ZIP extra fields safely

.github/COPILOT_AGENT_README.md

@@ -0,0 +1,13 @@
+# Copilot Coding Agent Configuration
+
+This repository includes a minimal opt-in configuration and CI workflow to allow the GitHub Copilot coding agent to open and validate PRs.
+
+- .copilot-agent.yml: opt-in config for automated agents
+- .github/workflows/dotnetcore.yml: CI runs on PRs touching the solution, source, or tests to validate changes
+- AGENTS.yml: general information for this project
+
+Maintainers can adjust the allowed paths or disable the agent by editing or removing .copilot-agent.yml.
+
+Notes:
+- Do not change any other files in the repository.
+- If build/test paths are different, update the workflow accordingly; this workflow targets SharpCompress.sln and the SharpCompress.Tests test project.

.github/agents/copilot-agent.yml

@@ -0,0 +1,7 @@
+enabled: true
+agent:
+  name: copilot-coding-agent
+  allow:
+    - paths: ["src/**/*", "tests/**/*", "README.md", "AGENTS.md"]
+      actions: ["create", "modify"]
+  require_review_before_merge: true

src/SharpCompress/Common/Zip/Headers/ZipFileEntry.cs

@@ -91,8 +91,15 @@ internal abstract class ZipFileEntry : ZipHeader
 
     protected void LoadExtra(byte[] extra)
     {
-        for (var i = 0; i < extra.Length - 4; )
+        for (var i = 0; i < extra.Length; )
         {
+            // Ensure we have at least a header (2-byte ID + 2-byte length)
+            if (i + 4 > extra.Length)
+            {
+                // Incomplete header — stop parsing extras
+                break;
+            }
+
             var type = (ExtraDataType)BinaryPrimitives.ReadUInt16LittleEndian(extra.AsSpan(i));
             if (!Enum.IsDefined(typeof(ExtraDataType), type))
             {
@@ -106,7 +113,17 @@ internal abstract class ZipFileEntry : ZipHeader
             if (length > extra.Length)
             {
                 // bad extras block
-                return;
+                break; // allow processing optional other blocks
+            }
+            // Some ZIP files contain vendor-specific or malformed extra fields where the declared
+            // data length extends beyond the remaining buffer. This adjustment ensures that
+            // we only read data within bounds (i + 4 + length <= extra.Length)
+            // The example here is: 41 43 18 00 41 52 43 30 46 EB FF FF 51 29 03 C6 03 00 00 00 00 00 00 00 00
+            // No existing zip utility uses 0x4341 ('AC')
+            if (i + 4 + length > extra.Length)
+            {
+                // incomplete or corrupt field
+                break; // allow processing optional other blocks
             }
 
             var data = new byte[length];

src/SharpCompress/packages.lock.json

@@ -335,9 +335,9 @@
     "net8.0": {
       "Microsoft.NET.ILLink.Tasks": {
         "type": "Direct",
-        "requested": "[8.0.17, )",
-        "resolved": "8.0.17",
-        "contentHash": "x5/y4l8AtshpBOrCZdlE4txw8K3e3s9meBFeZeR3l8hbbku2V7kK6ojhXvrbjg1rk3G+JqL1BI26gtgc1ZrdUw=="
+        "requested": "[8.0.21, )",
+        "resolved": "8.0.21",
+        "contentHash": "s8H5PZQs50OcNkaB6Si54+v3GWM7vzs6vxFRMlD3aXsbM+aPCtod62gmK0BYWou9diGzmo56j8cIf/PziijDqQ=="
       },
       "Microsoft.SourceLink.GitHub": {
         "type": "Direct",