[PR #1142] [MERGED] Fix ReadFullyAsync with ArrayPool buffer in SevenZipArchive signature check #1580

New Issue

claunia · 2026-01-29T22:21:13Z

claunia commented

2026-01-29 22:21:13 +00:00

📋 Pull Request Information

Original PR: https://github.com/adamhathcock/sharpcompress/pull/1142
Author: @Copilot
Created: 1/16/2026
Status: ✅ Merged
Merged: 1/16/2026
Merged by: @adamhathcock

Base: adam/async-creation ← Head: copilot/sub-pr-1132-another-one

📝 Commits (2)

4b9b20d Initial plan
b0fde2b Fix ReadFullyAsync call to specify offset and count for ArrayPool buffer

📊 Changes

1 file changed (+1 additions, -1 deletions)

View changed files

📝 src/SharpCompress/Archives/SevenZip/SevenZipArchive.Factory.cs (+1 -1)

📄 Description

ArrayPool.Rent(6) may return buffers larger than 6 bytes, but ReadFullyAsync(buffer, cancellationToken) attempts to fill the entire buffer, causing reads beyond the intended 6-byte signature.

Changes

Changed ReadFullyAsync(buffer, cancellationToken) to ReadFullyAsync(buffer, 0, 6, cancellationToken) in SignatureMatchAsync
Now consistent with synchronous SignatureMatch which correctly uses ReadExact(buffer, 0, 6)

// Before: reads buffer.Length bytes (could be > 6)
if (!await stream.ReadFullyAsync(buffer, cancellationToken).ConfigureAwait(false))

// After: reads exactly 6 bytes
if (!await stream.ReadFullyAsync(buffer, 0, 6, cancellationToken).ConfigureAwait(false))

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/adamhathcock/sharpcompress/pull/1142 **Author:** [@Copilot](https://github.com/apps/copilot-swe-agent) **Created:** 1/16/2026 **Status:** ✅ Merged **Merged:** 1/16/2026 **Merged by:** [@adamhathcock](https://github.com/adamhathcock) **Base:** `adam/async-creation` ← **Head:** `copilot/sub-pr-1132-another-one` --- ### 📝 Commits (2) - [`4b9b20d`](https://github.com/adamhathcock/sharpcompress/commit/4b9b20de42507eec517ea437a1d68dfba4fe5d27) Initial plan - [`b0fde2b`](https://github.com/adamhathcock/sharpcompress/commit/b0fde2b8c73751943984b769094de5d2675b0765) Fix ReadFullyAsync call to specify offset and count for ArrayPool buffer ### 📊 Changes **1 file changed** (+1 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `src/SharpCompress/Archives/SevenZip/SevenZipArchive.Factory.cs` (+1 -1) </details> ### 📄 Description `ArrayPool.Rent(6)` may return buffers larger than 6 bytes, but `ReadFullyAsync(buffer, cancellationToken)` attempts to fill the entire buffer, causing reads beyond the intended 6-byte signature. ## Changes - Changed `ReadFullyAsync(buffer, cancellationToken)` to `ReadFullyAsync(buffer, 0, 6, cancellationToken)` in `SignatureMatchAsync` - Now consistent with synchronous `SignatureMatch` which correctly uses `ReadExact(buffer, 0, 6)` ```csharp // Before: reads buffer.Length bytes (could be > 6) if (!await stream.ReadFullyAsync(buffer, cancellationToken).ConfigureAwait(false)) // After: reads exactly 6 bytes if (!await stream.ReadFullyAsync(buffer, 0, 6, cancellationToken).ConfigureAwait(false)) ```  --- 💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more [Copilot coding agent tips](https://gh.io/copilot-coding-agent-tips) in the docs. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

claunia added the pull-request label 2026-01-29 22:21:13 +00:00

Sign in to join this conversation.

Branches Tags

master

release

adam/merge-release-to-master

dependabot/nuget/xunit.v3-3.2.2

adam/more-explode-async

copilot/fix-infinite-loop-rar-archive

adam/data-descriptor-fix

adam/fix-tests-with-proper-rewind

copilot/fix-data-descriptor-stream-bug

adam/lmza-investigation

adam/create-rar-async

adam/async-rar2

copilot/support-multi-threading-path

copilot/sub-pr-1132-again

adam/memory-perf

copilot/add-performance-benchmarking

copilot/sub-pr-1121

copilot/add-password-support-zip-files

copilot/add-so-optimized-zip-support

adam/rar-async-only

copilot/add-buffered-stream-async-read

copilot/sub-pr-1076

copilot/fix-decompression-exception

copilot/fix-archivefactory-issue

copilot/rationalize-sourcestream-volumes

adam/open-async

copilot/add-ace-archive-support

copilot/sub-pr-1040-again

adam/more-async-3

copilot/fix-tararchive-incomplete-iteration

adam/multi-threaded

copilot/sub-pr-1040

adam/awesome-copilot

copilot/fix-ziparchive-extraction-issue

copilot/fix-tararchive-open-crash

copilot/fix-tar-xz-file-reading-issue

copilot/setup-copilot-instructions

copilot/fix-decompression-performance-issue

copilot/convert-stream-access-to-async

adam/enable-agent

adam/async-deflate

adam/async-rar

adam/more-cleanup

adam/zstd

async-2

zstandard

net461-tests

dmg

async

build-netcore3

recycle-memory-stream

presentation

pax

netcore2

zip_encryption

dotnet-tool

tar_redux

native_zlib

Issue-197

system_buffers

TarNames

7zip_sfx

portable_crypto

WinRT

new_7zip

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/sharpcompress#1580