[PR #972] [MERGED] Handle vendor-specific and malformed ZIP extra fields safely #1387

New Issue

Closed

opened 2026-01-29 22:20:19 +00:00 by claunia · 0 comments

claunia commented 2026-01-29 22:20:19 +00:00

Owner

Copy Link

📋 Pull Request Information

Original PR: https://github.com/adamhathcock/sharpcompress/pull/972
Author: @TwanVanDongen
Created: 10/24/2025
Status: ✅ Merged
Merged: 10/25/2025
Merged by: @adamhathcock

Base: master ← Head: master

---

📝 Commits (1)

• 6d652a1 And again forgot to apply CSharpierAdds bounds checks to prevent exceptions when extra fields are truncated or non-standard (e.g., 0x4341 "AC"/ARC0). Stops parsing gracefully, allowing other fields to be processed.

📊 Changes

2 files changed (+22 additions, -5 deletions)

View changed files

📝 src/SharpCompress/Common/Zip/Headers/ZipFileEntry.cs (+19 -2)
📝 src/SharpCompress/packages.lock.json (+3 -3)

📄 Description

Adds bounds checks to prevent exceptions when extra fields are truncated or non-standard (e.g., 0x4341 "AC"/ARC0). Stops parsing gracefully, allowing other fields to be processed.

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/adamhathcock/sharpcompress/pull/972 **Author:** [@TwanVanDongen](https://github.com/TwanVanDongen) **Created:** 10/24/2025 **Status:** ✅ Merged **Merged:** 10/25/2025 **Merged by:** [@adamhathcock](https://github.com/adamhathcock) **Base:** `master` ← **Head:** `master` --- ### 📝 Commits (1) - [`6d652a1`](https://github.com/adamhathcock/sharpcompress/commit/6d652a12ee037c965676af04ff4aa08da7e7d300) And again forgot to apply CSharpierAdds bounds checks to prevent exceptions when extra fields are truncated or non-standard (e.g., 0x4341 "AC"/ARC0). Stops parsing gracefully, allowing other fields to be processed. ### 📊 Changes **2 files changed** (+22 additions, -5 deletions) <details> <summary>View changed files</summary> 📝 `src/SharpCompress/Common/Zip/Headers/ZipFileEntry.cs` (+19 -2) 📝 `src/SharpCompress/packages.lock.json` (+3 -3) </details> ### 📄 Description Adds bounds checks to prevent exceptions when extra fields are truncated or non-standard (e.g., 0x4341 "AC"/ARC0). Stops parsing gracefully, allowing other fields to be processed. --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

claunia added the pull-request label 2026-01-29 22:20:19 +00:00

claunia closed this issue 2026-01-29 22:20:19 +00:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

release

adam/merge-release-to-master

dependabot/nuget/xunit.v3-3.2.2

adam/more-explode-async

copilot/fix-infinite-loop-rar-archive

adam/data-descriptor-fix

adam/fix-tests-with-proper-rewind

copilot/fix-data-descriptor-stream-bug

adam/lmza-investigation

adam/create-rar-async

adam/async-rar2

copilot/support-multi-threading-path

copilot/sub-pr-1132-again

adam/memory-perf

copilot/add-performance-benchmarking

copilot/sub-pr-1121

copilot/add-password-support-zip-files

copilot/add-so-optimized-zip-support

adam/rar-async-only

copilot/add-buffered-stream-async-read

copilot/sub-pr-1076

copilot/fix-decompression-exception

copilot/fix-archivefactory-issue

copilot/rationalize-sourcestream-volumes

adam/open-async

copilot/add-ace-archive-support

copilot/sub-pr-1040-again

adam/more-async-3

copilot/fix-tararchive-incomplete-iteration

adam/multi-threaded

copilot/sub-pr-1040

adam/awesome-copilot

copilot/fix-ziparchive-extraction-issue

copilot/fix-tararchive-open-crash

copilot/fix-tar-xz-file-reading-issue

copilot/setup-copilot-instructions

copilot/fix-decompression-performance-issue

copilot/convert-stream-access-to-async

adam/enable-agent

adam/async-deflate

adam/async-rar

adam/more-cleanup

adam/zstd

async-2

zstandard

net461-tests

dmg

async

build-netcore3

recycle-memory-stream

presentation

pax

netcore2

zip_encryption

dotnet-tool

tar_redux

native_zlib

Issue-197

system_buffers

TarNames

7zip_sfx

portable_crypto

WinRT

new_7zip

0.44.5

0.44.4

0.44.3

0.44.2

0.44.1

0.44.0

0.43.0

0.42.1

0.42.0

0.41.0

0.40.0

0.39.0

0.38.0

0.37.2

0.37.1

0.37.0

0.36.0

0.35.0

0.34.2

0.34.1

0.34.0

0.33.0

0.32.2

0.32.1

0.32

0.31

0.30.1

0.30

0.29

0.29.0

0.28.3

0.28.2

0.28.1

0.28

0.27.1

0.27

0.26

0.25.1

0.25

0.24

0.23

0.22

0.21.1

0.21

0.21.0

0.20.0

0.19.2

0.19.1

0.19

0.18.2

0.18.1

0.18

0.17.1

0.17.0

0.16.2

0.16.1

0.16.0

0.15.2

0.15.1

0.15.0

0.14.1

0.14.0

0.13.1

0.13.0

0.12.4

0.12.3

0.12.2

0.12.1

0.12.0

0.11.6

0.11.5

0.11.4

0.11.3

0.11.2

0.11.1

0.11

0.10.3

0.10.2

0.10.1.3

0.10.1.2

0.10.1.1

0.10.1

0.10

0.9

Labels

Clear labels

bug

duplicate

enhancement

feedback requested

not bug

pull-request

Mirrored from GitHub Pull Request

question

up for grabs

wontfix

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

claunia

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/sharpcompress#1387