Add test case to reproduce deflate64 error

zip-rs · Mar 4, 2024 · fe3821c · fe3821c
1 parent 38a903b
commit fe3821c
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/src/read.rs b/src/read.rs
@@ -1361,4 +1361,16 @@ mod test {
         let reader = ZipArchive::new(Cursor::new(v));
         assert!(reader.is_err());
     }
+
+    #[test]
+    fn deflate64_index_out_of_bounds() -> std::io::Result<()> {
+        use std::io::Read;
+        let file: [u8; 815] = [80, 75, 1, 255, 5, 80, 75, 1, 2, 255, 255, 255, 153, 38, 0, 9, 0, 0, 0, 0, 0, 4, 6, 6, 80, 75, 5, 6, 0, 64, 6, 6, 75, 80, 0, 41, 0, 1, 0, 2, 80, 75, 5, 6, 0, 0, 0, 0, 1, 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 148, 0, 0, 0, 0, 0, 0, 0, 0, 45, 0, 0, 0, 0, 0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 186, 191, 191, 191, 191, 6, 5, 4, 80, 75, 0, 0, 5, 0, 35, 0, 0, 78, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 7, 5, 75, 80, 0, 1, 0, 1, 0, 9, 0, 9, 199, 191, 191, 191, 191, 191, 191, 191, 191, 191, 191, 191, 191, 191, 191, 253, 255, 0, 0, 117, 117, 75, 4, 6, 0, 1, 9, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 36, 7, 5, 75, 80, 0, 1, 0, 1, 0, 9, 0, 9, 191, 191, 191, 191, 191, 191, 191, 191, 191, 191, 191, 191, 191, 191, 191, 253, 255, 0, 0, 117, 117, 75, 5, 6, 0, 1, 0, 1, 0, 0, 0, 0, 191, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 191, 253, 255, 0, 0, 117, 117, 75, 5, 6, 0, 1, 80, 75, 3, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 129, 0, 0, 0, 1, 1, 75, 80, 0, 0, 0, 0, 0, 0, 2, 80, 75, 0, 0, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 6, 5, 65, 2, 0, 0, 0, 0, 0, 0, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 255, 255, 255, 255, 255, 255, 69, 69, 69, 69, 69, 69, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 42, 69, 69, 69, 69, 68, 69, 240, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 6, 5, 75, 80, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 62, 69, 69, 69, 69, 69, 69, 69, 1, 0, 0, 0, 0, 0, 0, 16, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 236, 236, 236, 236, 236, 236, 236, 236, 236, 236, 236, 236, 236, 236, 236, 236, 236, 236, 236, 236, 236, 236, 236, 236, 236, 236, 236, 236, 236, 236, 236, 236, 236, 236, 236, 236, 236, 236, 236, 236, 236, 236, 236, 129, 129, 129, 129, 129, 129, 129, 129, 129, 129, 129, 129, 129, 129, 7, 5, 75, 80, 129, 129, 129, 129, 129, 48, 1, 0, 0, 0, 0, 0, 0, 129, 129, 129, 129, 129, 129, 129, 129, 129, 129, 129, 129, 129, 129, 129, 129, 129, 129, 129, 129, 129, 129, 129, 129, 129, 0, 0, 0, 0, 0, 69, 69, 69, 69, 69, 69, 61, 43, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 69, 192, 192, 192, 192, 192, 192, 192, 192, 0, 35, 0, 0, 0, 0, 0, 0, 5, 6, 0, 0, 1, 0, 0, 0, 9, 4, 253, 255, 6, 5, 75, 80, 0, 0, 0, 2, 0, 132, 255, 255, 255, 107, 1, 0, 0, 0, 0, 69, 129, 129, 129, 129, 129, 129, 73, 129, 129, 129, 129, 129, 129, 129, 129, 7, 5, 75, 80, 129, 129, 129, 129, 129, 129, 129, 129, 129, 129, 129, 129, 74, 129, 129, 129, 129, 129, 129, 129, 129, 129, 129, 129, 129, 129, 129, 129, 129, 129, 129, 129, 0, 0, 0, 0, 0, 69, 69, 69, 69, 69, 69, 61, 61, 1, 0, 0, 0, 0, 0, 0, 16, 61, 61, 61, 61, 255, 255, 255, 255, 255, 255, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 61, 80, 191, 0];
+        let mut reader = ZipArchive::new(Cursor::new(file))?;
+        for i in 0..reader.len() {
+            let mut file = reader.by_index(i)?.take(1024);
+            std::io::copy(&mut file, &mut std::io::sink())?;
+        }
+        Ok(())
+    }
 }