Allow more trailing null bytes in zip files (#15452)

## Summary There isn't any risk here, and we have reports of at least one zip file with more than one (but fewer than, e.g., 10) null bytes. Closes https://github.com/astral-sh/uv/issues/15451.
2025-11-17 02:52:45 +00:00 · 2025-08-22 14:50:07 +01:00 · 2025-08-22 14:50:07 +01:00 · 088c908cda
commit 088c908cda
parent 3e34aee63e
1 changed files with 16 additions and 10 deletions
--- a/crates/uv-extract/src/stream.rs
+++ b/crates/uv-extract/src/stream.rs
@ -532,19 +532,25 @@ pub async fn unzip<R: tokio::io::AsyncRead + Unpin>(
        }
    }

-    // Determine whether the reader is exhausted.
+    // Determine whether the reader is exhausted, but allow trailing null bytes, which some zip
+    // implementations incorrectly include.
    if !skip_validation {
-        let mut buffer = [0; 1];
-        if reader.read(&mut buffer).await.map_err(Error::Io)? > 0 {
-            // If the buffer contains a single null byte, ignore it.
-            if buffer[0] == 0 {
-                if reader.read(&mut buffer).await.map_err(Error::Io)? > 0 {
+        let mut has_trailing_bytes = false;
+        let mut buf = [0u8; 256];
+        loop {
+            let n = reader.read(&mut buf).await.map_err(Error::Io)?;
+            if n == 0 {
+                if has_trailing_bytes {
+                    warn!("Ignoring trailing null bytes in ZIP archive");
+                }
+                break;
+            }
+            for &b in &buf[..n] {
+                if b == 0 {
+                    has_trailing_bytes = true;
+                } else {
                    return Err(Error::TrailingContents);
                }
-
-                warn!("Ignoring trailing null byte in ZIP archive");
-            } else {
-                return Err(Error::TrailingContents);
            }
        }
    }