Copilot AI commented Jul 31, 2025

This fixes a debug assertion failure discovered by the ZipArchiveFuzzer when processing malformed ZIP files with truncated Zip64 End of Central Directory Locator blocks.

Problem

The assertion failure occurred in Zip64EndOfCentralDirectoryLocator.TryReadBlock() with the message:

zip64eocdLocatorProper && zip64EOCDLocator != null

The issue was that the code assumed if ZipHelper.SeekBackwardsToSignature() successfully found a Zip64 EOCD Locator signature, then the complete block must be readable. However, malformed or truncated ZIP files (like those generated by fuzzers) can contain valid 4-byte signatures but insufficient remaining data to read the full block structure.

Solution

Replaced the problematic Debug.Assert with proper error handling that throws an InvalidDataException when the block cannot be read completely. This change was applied to both the synchronous and asynchronous versions of the method:

  • Zip64EndOfCentralDirectoryLocator.TryReadBlock() in ZipBlocks.cs
  • Zip64EndOfCentralDirectoryLocator.TryReadBlockAsync() in ZipBlocks.Async.cs

Testing

  • Added a new test case ZipArchive_FuzzerCrashInput_Zip64EOCDLocatorInsufficientData that reproduces the original crash input
  • Verified all existing System.IO.Compression tests continue to pass (1327 tests, 0 failures)
  • Manually tested that the exact crash input from the fuzzer now throws appropriate exceptions instead of crashing

The fix ensures that malformed ZIP files are handled gracefully with proper error reporting rather than triggering assertion failures in debug builds.

Fixes #117147.
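
The failure mode described in the PR description above, shown as an added example that is not part of the PR or of the dotnet/runtime code: a minimal reader for the 20-byte Zip64 End of Central Directory Locator that treats "signature present but block truncated" as invalid data instead of asserting. The names `Zip64LocatorExample`, `TryReadLocator` and `Locator` are hypothetical, the field layout is taken from the ZIP format specification, and the caller is assumed to supply the candidate offset directly rather than locating it with a backward signature search.

```csharp
using System;
using System.Buffers.Binary;
using System.IO;

// Added illustration with hypothetical names; not the System.IO.Compression implementation.
static class Zip64LocatorExample
{
    const uint Signature = 0x07064B50; // bytes "PK\x06\x07" on disk (little-endian)
    const int BlockSize = 20;          // signature(4) + disk number(4) + offset(8) + total disks(4)

    public readonly record struct Locator(uint DiskWithZip64Eocd, ulong Zip64EocdOffset, uint TotalDisks);

    // Returns false when no locator signature sits at `offset`.
    // Throws InvalidDataException when the signature is there but the block is cut short.
    public static bool TryReadLocator(ReadOnlySpan<byte> data, int offset, out Locator locator)
    {
        locator = default;
        if (offset < 0 || data.Length - offset < 4)
            return false;
        if (BinaryPrimitives.ReadUInt32LittleEndian(data.Slice(offset)) != Signature)
            return false;
        if (data.Length - offset < BlockSize)
            throw new InvalidDataException("Zip64 EOCD locator signature found, but the block is truncated.");

        ReadOnlySpan<byte> block = data.Slice(offset, BlockSize);
        locator = new Locator(
            BinaryPrimitives.ReadUInt32LittleEndian(block.Slice(4)),
            BinaryPrimitives.ReadUInt64LittleEndian(block.Slice(8)),
            BinaryPrimitives.ReadUInt32LittleEndian(block.Slice(16)));
        return true;
    }

    static void Main()
    {
        // Constructed sample: a complete 20-byte locator pointing at offset 0x1234, one disk.
        byte[] full = new byte[BlockSize];
        BinaryPrimitives.WriteUInt32LittleEndian(full, Signature);
        BinaryPrimitives.WriteUInt64LittleEndian(full.AsSpan(8), 0x1234);
        BinaryPrimitives.WriteUInt32LittleEndian(full.AsSpan(16), 1);
        Console.WriteLine(TryReadLocator(full, 0, out var loc) + " " + loc);

        // Constructed sample: valid signature followed by only 6 more bytes.
        byte[] truncated = full.AsSpan(0, 10).ToArray();
        try { TryReadLocator(truncated, 0, out _); }
        catch (InvalidDataException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```

The length check sits between the signature match and the field reads, so a 4-byte signature match alone never implies that the remaining 16 bytes exist.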



@github-actions github-actions bot added the needs-area-label An area label is needed to ensure this gets routed to the appropriate area owners label Jul 31, 2025
…ocator.TryReadBlock

Co-authored-by: rzikm <32671551+rzikm@users.noreply.github.com>
Copilot AI changed the title [WIP] [ZipArchiveFuzzer] Assertion failed zip64eocdLocatorProper && zip64EOCDLocator != null Fix ZipArchiveFuzzer assertion failure in Zip64EndOfCentralDirectoryLocator.TryReadBlock Jul 31, 2025
Copilot AI requested a review from rzikm July 31, 2025 08:59
Copilot finished work on behalf of rzikm July 31, 2025 08:59
@rzikm rzikm closed this Jul 31, 2025
@jkotas jkotas deleted the copilot/fix-117147 branch August 4, 2025 06:09
@github-actions github-actions bot locked and limited conversation to collaborators Sep 3, 2025