From 088c908cda450d63db838ab41620d25c34a8d1fa Mon Sep 17 00:00:00 2001 From: Charlie Marsh Date: Fri, 22 Aug 2025 14:50:07 +0100 Subject: [PATCH] Allow more trailing null bytes in zip files (#15452) ## Summary There isn't any risk here, and we have reports of at least one zip file with more than one (but fewer than, e.g., 10) null bytes. Closes https://github.com/astral-sh/uv/issues/15451. --- crates/uv-extract/src/stream.rs | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/crates/uv-extract/src/stream.rs b/crates/uv-extract/src/stream.rs index 495abaf00..45a775c39 100644 --- a/crates/uv-extract/src/stream.rs +++ b/crates/uv-extract/src/stream.rs @@ -532,19 +532,25 @@ pub async fn unzip( } } - // Determine whether the reader is exhausted. + // Determine whether the reader is exhausted, but allow trailing null bytes, which some zip + // implementations incorrectly include. if !skip_validation { - let mut buffer = [0; 1]; - if reader.read(&mut buffer).await.map_err(Error::Io)? > 0 { - // If the buffer contains a single null byte, ignore it. - if buffer[0] == 0 { - if reader.read(&mut buffer).await.map_err(Error::Io)? > 0 { + let mut has_trailing_bytes = false; + let mut buf = [0u8; 256]; + loop { + let n = reader.read(&mut buf).await.map_err(Error::Io)?; + if n == 0 { + if has_trailing_bytes { + warn!("Ignoring trailing null bytes in ZIP archive"); + } + break; + } + for &b in &buf[..n] { + if b == 0 { + has_trailing_bytes = true; + } else { return Err(Error::TrailingContents); } - - warn!("Ignoring trailing null byte in ZIP archive"); - } else { - return Err(Error::TrailingContents); } } }