archive/zip: ignore malformed Zip64 info in Extra field #13367
Labels
Milestone
Comments
|
@opennota, I've deleted your comment with a link to your implementation because you don't appear to have signed a CLA yet. See https://golang.org/doc/contribute.html#copyright Please upload a fix to Gerrit using https://golang.org/doc/contribute.html#Code_review Thanks! |
rsc
changed the title
|
See also #13166. |
|
CL https://golang.org/cl/18317 mentions this issue. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Some zip packers seem to put bogus value 8 in the Zip64 extended information extra field's size, which results in the reader returning
ErrFormaterrors for all the archived files after the first 4 GiB. Both zip 3.x and unzip 6.x, on the other hand, see no problem with such archives, because they ignore the specified size of the zip64 extra block and just read the compressed size, uncompressed size and the local header offset if the corresponding values in the local or central directory record are set to0xffffor0xffffffff. This is in accordance with the spec:archive/zipdoesn't check this, assuming that the specified size is correct and reading theUncompressedSize64,CompressedSize64andheaderOffsetone by one as though they all must be there. It should instead check if theCompressedSize,UncompressedSizeand previously readheaderOffsetare set to0xffffffff, and then and only then read the corresponding 64-bit values; the specified size of the zip64 extra block should be ignored.The text was updated successfully, but these errors were encountered: