[PR #118] Bugfix for inflate algorithm cutting of the end of certain blocks #849

New Issue

Open

opened 2026-01-29 22:17:51 +00:00 by claunia · 0 comments

claunia commented 2026-01-29 22:17:51 +00:00

Owner

Copy Link

Original Pull Request: https://github.com/adamhathcock/sharpcompress/pull/118

State: closed
Merged: Yes

---

After tracking down a case of a corrupt file being extracted, I was able to isolate the issue to a single 100kb file. If I compress this file with the maximum compression, and decompress it, I the loose the trailing 109 bytes.

I have finally tracked down the issue and made this patch. The problem is that the number of bits requested is larger than the number of bits required. For the LEN and DIST case, the number of required bits k is set to lbits and dbits respectively. But if you look in the code below, you can see that they "consume" a variable number of bits, which in this case is less than k.

For most cases this is not a problem, but when the last code to be processed hits this case, the decompression stops prematurely and this cuts of a number of bytes. Other zip implementations (unarchiver, 7zip, etc) handles this correctly. This bug is also present in jzlib and the DotNetZip libraries, but not in the SharpZipLib/ICSharp.ZipLib.

If have a file that can reproduce this, but I am awaiting clarification to see if I can provide publicly it.

As a side note, the inflater file contains some of the worst code I have seen. It is a mix of states stored in objects and scope, copied around. There are almost no comments, tens of single digit variables, and the control flow is ridiculously hard to follow. In many places the same code is simply copy-pasted rather than being encapsulated, which is why there are two changes to the source code. In other words: if you have another zip implementation, I suggest you go with that :).

**Original Pull Request:** https://github.com/adamhathcock/sharpcompress/pull/118 **State:** closed **Merged:** Yes --- After tracking down a case of a corrupt file being extracted, I was able to isolate the issue to a single 100kb file. If I compress this file with the maximum compression, and decompress it, I the loose the trailing 109 bytes. I have finally tracked down the issue and made this patch. The problem is that the number of bits requested is larger than the number of bits required. For the `LEN` and `DIST` case, the number of required bits `k` is set to `lbits` and `dbits` respectively. But if you look in the code below, you can see that they "consume" a variable number of bits, which in this case is less than `k`. For most cases this is not a problem, but when the last code to be processed hits this case, the decompression stops prematurely and this cuts of a number of bytes. Other zip implementations (unarchiver, 7zip, etc) handles this correctly. This bug is also present in jzlib and the DotNetZip libraries, but not in the SharpZipLib/ICSharp.ZipLib. If have a file that can reproduce this, but I am awaiting clarification to see if I can provide publicly it. As a side note, the inflater file contains some of the worst code I have seen. It is a mix of states stored in objects and scope, copied around. There are almost no comments, tens of single digit variables, and the control flow is ridiculously hard to follow. In many places the same code is simply copy-pasted rather than being encapsulated, which is why there are two changes to the source code. In other words: if you have another zip implementation, I suggest you go with that :).

claunia added the pull-request label 2026-01-29 22:17:51 +00:00

claunia referenced this issue 2026-01-29 22:19:46 +00:00

[PR #849] [MERGED] Fix for issue #844 #1279

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

copilot/add-lzwreader-support

adam/add-alternate-compressions

adam/cleanup-options

copilot/fix-openentrystreamasync-memory-issue

release

adam/more-explode-async

copilot/fix-infinite-loop-rar-archive

adam/data-descriptor-fix

adam/fix-tests-with-proper-rewind

copilot/fix-data-descriptor-stream-bug

adam/lmza-investigation

adam/create-rar-async

adam/async-rar2

copilot/support-multi-threading-path

copilot/sub-pr-1132-again

adam/memory-perf

copilot/add-performance-benchmarking

copilot/sub-pr-1121

copilot/add-password-support-zip-files

copilot/add-so-optimized-zip-support

adam/rar-async-only

copilot/add-buffered-stream-async-read

copilot/sub-pr-1076

copilot/fix-decompression-exception

copilot/fix-archivefactory-issue

copilot/rationalize-sourcestream-volumes

adam/open-async

copilot/add-ace-archive-support

copilot/sub-pr-1040-again

adam/more-async-3

copilot/fix-tararchive-incomplete-iteration

adam/multi-threaded

copilot/sub-pr-1040

adam/awesome-copilot

copilot/fix-ziparchive-extraction-issue

copilot/fix-tararchive-open-crash

copilot/fix-tar-xz-file-reading-issue

copilot/setup-copilot-instructions

copilot/fix-decompression-performance-issue

copilot/convert-stream-access-to-async

adam/enable-agent

adam/async-deflate

adam/async-rar

adam/more-cleanup

adam/zstd

async-2

zstandard

net461-tests

dmg

async

build-netcore3

recycle-memory-stream

presentation

pax

netcore2

zip_encryption

dotnet-tool

tar_redux

native_zlib

Issue-197

system_buffers

TarNames

7zip_sfx

portable_crypto

WinRT

new_7zip

0.44.5

0.44.4

0.44.3

0.44.2

0.44.1

0.44.0

0.43.0

0.42.1

0.42.0

0.41.0

0.40.0

0.39.0

0.38.0

0.37.2

0.37.1

0.37.0

0.36.0

0.35.0

0.34.2

0.34.1

0.34.0

0.33.0

0.32.2

0.32.1

0.32

0.31

0.30.1

0.30

0.29

0.29.0

0.28.3

0.28.2

0.28.1

0.28

0.27.1

0.27

0.26

0.25.1

0.25

0.24

0.23

0.22

0.21.1

0.21

0.21.0

0.20.0

0.19.2

0.19.1

0.19

0.18.2

0.18.1

0.18

0.17.1

0.17.0

0.16.2

0.16.1

0.16.0

0.15.2

0.15.1

0.15.0

0.14.1

0.14.0

0.13.1

0.13.0

0.12.4

0.12.3

0.12.2

0.12.1

0.12.0

0.11.6

0.11.5

0.11.4

0.11.3

0.11.2

0.11.1

0.11

0.10.3

0.10.2

0.10.1.3

0.10.1.2

0.10.1.1

0.10.1

0.10

0.9

Labels

Clear labels

bug

duplicate

enhancement

feedback requested

not bug

pull-request

Mirrored from GitHub Pull Request

question

up for grabs

wontfix

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

claunia

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/sharpcompress#849