[PR #1175] Fix DataDescriptorStream infinite loop on signature boundary match #1613

New Issue

Open

opened 2026-01-29 22:21:23 +00:00 by claunia · 0 comments

claunia commented 2026-01-29 22:21:23 +00:00

Owner

Copy Link

📋 Pull Request Information

Original PR: https://github.com/adamhathcock/sharpcompress/pull/1175
Author: @Copilot
Created: 1/28/2026
Status: 🔄 Open

Base: release ← Head: copilot/fix-data-descriptor-stream-bug

---

📝 Commits (4)

• 82071af Initial plan
• c726a13 Fix DataDescriptorStream boundary bug to prevent infinite loop
• e896179 Add regression test for DataDescriptorStream boundary bug
• c994a9f Fix DataDescriptorStream to handle legitimate cross-boundary signatures

📊 Changes

2 files changed (+123 additions, -0 deletions)

View changed files

📝 src/SharpCompress/IO/DataDescriptorStream.cs (+32 -0)
📝 tests/SharpCompress.Test/Zip/ZipReaderTests.cs (+91 -0)

📄 Description

Fix DataDescriptorStream boundary bug when signature starts at buffer edge

• Understand the bug in DataDescriptorStream.Read() method
• Identify root cause: infinite loop when rewinding to same position
• Implement correct fix: detect infinite loop vs legitimate partial match
• Test the fix with existing ZIP tests (38/38 passing)
• Format code with CSharpier
• Add regression test for the boundary bug scenario
• Address feedback: fix handles legitimate cross-boundary signatures

Original prompt

---

This section details on the original issue you should resolve

<issue_title>DataDescriptorStream boundary bug when signature starts at buffer edge</issue_title>
<issue_description>When the ZIP data is read in streaming mode and the first byte of the data descriptor signature (0x50 = P) appears as the last byte of a read buffer, the reader gets stuck and the stream positioning breaks.

This causes extraction to fail.

This seems to be caused by how DataDescriptorStream.Read() handles partial matches of PK\07\08 across buffer boundaries.

Observed Behavior

When the last byte of a buffer is 0x50 ('P'):
1. _searchPosition becomes 1
2. At end of buffer, this code runs:
if (_searchPosition > 0)
{
read -= _searchPosition;
_stream.Position -= _searchPosition;
_searchPosition = 0;
}
3. One byte is “rewound”
4. On next read, only 1 byte is returned
5. That byte is again P
6. Same logic repeats
7. Read returns 0 → stream appears finished
8. Extraction stops prematurely

Reproduction

This happens reliably with:
• Streaming ZIP reader
• DataDescriptorStream
• BufferSize = 64k
• Payload length > 64k bytes
• Payload filled with 0x50 ('P')

repro.zip</issue_description>

Comments on the Issue (you are @copilot in this section)

@adamhathcock Sounds similar to https://github.com/adamhathcock/sharpcompress/issues/1168

• Fixes adamhathcock/sharpcompress#1173

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/adamhathcock/sharpcompress/pull/1175 **Author:** [@Copilot](https://github.com/apps/copilot-swe-agent) **Created:** 1/28/2026 **Status:** 🔄 Open **Base:** `release` ← **Head:** `copilot/fix-data-descriptor-stream-bug` --- ### 📝 Commits (4) - [`82071af`](https://github.com/adamhathcock/sharpcompress/commit/82071af5661009bc104a4619bde6fe72460f280d) Initial plan - [`c726a13`](https://github.com/adamhathcock/sharpcompress/commit/c726a13a97ad2572049b59741c64185fa8515dad) Fix DataDescriptorStream boundary bug to prevent infinite loop - [`e896179`](https://github.com/adamhathcock/sharpcompress/commit/e896179f3eeb1819ae896f1a45ea711c38220777) Add regression test for DataDescriptorStream boundary bug - [`c994a9f`](https://github.com/adamhathcock/sharpcompress/commit/c994a9f8451c7eb3ed4a88d81735f55fabe43759) Fix DataDescriptorStream to handle legitimate cross-boundary signatures ### 📊 Changes **2 files changed** (+123 additions, -0 deletions) <details> <summary>View changed files</summary> 📝 `src/SharpCompress/IO/DataDescriptorStream.cs` (+32 -0) 📝 `tests/SharpCompress.Test/Zip/ZipReaderTests.cs` (+91 -0) </details> ### 📄 Description ## Fix DataDescriptorStream boundary bug when signature starts at buffer edge - [x] Understand the bug in DataDescriptorStream.Read() method - [x] Identify root cause: infinite loop when rewinding to same position - [x] Implement correct fix: detect infinite loop vs legitimate partial match - [x] Test the fix with existing ZIP tests (38/38 passing) - [x] Format code with CSharpier - [x] Add regression test for the boundary bug scenario - [x] Address feedback: fix handles legitimate cross-boundary signatures <!-- START COPILOT ORIGINAL PROMPT --> <details> <summary>Original prompt</summary> > > ---- > > *This section details on the original issue you should resolve* > > <issue_title>DataDescriptorStream boundary bug when signature starts at buffer edge</issue_title> > <issue_description>When the ZIP data is read in streaming mode and the first byte of the data descriptor signature (0x50 = P) appears as the last byte of a read buffer, the reader gets stuck and the stream positioning breaks. > > This causes extraction to fail. > > This seems to be caused by how DataDescriptorStream.Read() handles partial matches of PK\07\08 across buffer boundaries. > > ### Observed Behavior > > When the last byte of a buffer is 0x50 ('P'): > 1. _searchPosition becomes 1 > 2. At end of buffer, this code runs: > if (_searchPosition > 0) > { > read -= _searchPosition; > _stream.Position -= _searchPosition; > _searchPosition = 0; > } > 3. One byte is “rewound” > 4. On next read, only 1 byte is returned > 5. That byte is again P > 6. Same logic repeats > 7. Read returns 0 → stream appears finished > 8. Extraction stops prematurely > > ### Reproduction > > This happens reliably with: > • Streaming ZIP reader > • DataDescriptorStream > • BufferSize = 64k > • Payload length > 64k bytes > • Payload filled with 0x50 ('P') > > [repro.zip](https://github.com/user-attachments/files/24890867/repro.zip)</issue_description> > > ## Comments on the Issue (you are @copilot in this section) > > <comments> > <comment_new><author>@adamhathcock</author><body> > Sounds similar to https://github.com/adamhathcock/sharpcompress/issues/1168</body></comment_new> > </comments> > </details> <!-- START COPILOT CODING AGENT SUFFIX --> - Fixes adamhathcock/sharpcompress#1173 <!-- START COPILOT CODING AGENT TIPS --> --- 💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more [Copilot coding agent tips](https://gh.io/copilot-coding-agent-tips) in the docs. --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

claunia added the pull-request label 2026-01-29 22:21:23 +00:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

adam/cleanup-options

copilot/add-lzwreader-support

adam/make-nullable

copilot/fix-rar-extraction-issues

adam/add-alternate-compressions

copilot/fix-openentrystreamasync-memory-issue

release

adam/more-explode-async

copilot/fix-infinite-loop-rar-archive

adam/data-descriptor-fix

adam/fix-tests-with-proper-rewind

copilot/fix-data-descriptor-stream-bug

adam/lmza-investigation

adam/create-rar-async

adam/async-rar2

copilot/support-multi-threading-path

copilot/sub-pr-1132-again

adam/memory-perf

copilot/add-performance-benchmarking

copilot/sub-pr-1121

copilot/add-password-support-zip-files

copilot/add-so-optimized-zip-support

adam/rar-async-only

copilot/add-buffered-stream-async-read

copilot/sub-pr-1076

copilot/fix-decompression-exception

copilot/fix-archivefactory-issue

copilot/rationalize-sourcestream-volumes

adam/open-async

copilot/add-ace-archive-support

copilot/sub-pr-1040-again

adam/more-async-3

copilot/fix-tararchive-incomplete-iteration

adam/multi-threaded

copilot/sub-pr-1040

adam/awesome-copilot

copilot/fix-ziparchive-extraction-issue

copilot/fix-tararchive-open-crash

copilot/fix-tar-xz-file-reading-issue

copilot/setup-copilot-instructions

copilot/fix-decompression-performance-issue

copilot/convert-stream-access-to-async

adam/enable-agent

adam/async-deflate

adam/async-rar

adam/more-cleanup

adam/zstd

async-2

zstandard

net461-tests

dmg

async

build-netcore3

recycle-memory-stream

presentation

pax

netcore2

zip_encryption

dotnet-tool

tar_redux

native_zlib

Issue-197

system_buffers

TarNames

7zip_sfx

portable_crypto

WinRT

new_7zip

0.44.5

0.44.4

0.44.3

0.44.2

0.44.1

0.44.0

0.43.0

0.42.1

0.42.0

0.41.0

0.40.0

0.39.0

0.38.0

0.37.2

0.37.1

0.37.0

0.36.0

0.35.0

0.34.2

0.34.1

0.34.0

0.33.0

0.32.2

0.32.1

0.32

0.31

0.30.1

0.30

0.29

0.29.0

0.28.3

0.28.2

0.28.1

0.28

0.27.1

0.27

0.26

0.25.1

0.25

0.24

0.23

0.22

0.21.1

0.21

0.21.0

0.20.0

0.19.2

0.19.1

0.19

0.18.2

0.18.1

0.18

0.17.1

0.17.0

0.16.2

0.16.1

0.16.0

0.15.2

0.15.1

0.15.0

0.14.1

0.14.0

0.13.1

0.13.0

0.12.4

0.12.3

0.12.2

0.12.1

0.12.0

0.11.6

0.11.5

0.11.4

0.11.3

0.11.2

0.11.1

0.11

0.10.3

0.10.2

0.10.1.3

0.10.1.2

0.10.1.1

0.10.1

0.10

0.9

Labels

Clear labels

bug

duplicate

enhancement

feedback requested

not bug

pull-request

Mirrored from GitHub Pull Request

question

up for grabs

wontfix

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

claunia

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/sharpcompress#1613