Allow more trailing null bytes in zip files (#15452)

## Summary There isn't any risk here, and we have reports of at least one zip file with more than one (but fewer than, e.g., 10) null bytes. Closes https://github.com/astral-sh/uv/issues/15451.
2025-11-17 10:53:37 +00:00 · 2025-08-22 14:50:07 +01:00 · 2025-08-22 14:50:07 +01:00 · 088c908cda
commit 088c908cda
parent 3e34aee63e
1 changed files with 16 additions and 10 deletions
--- a/crates/uv-extract/src/stream.rs
+++ b/crates/uv-extract/src/stream.rs
@ -532,22 +532,28 @@ pub async fn unzip<R: tokio::io::AsyncRead + Unpin>(
        }
    }
-    // Determine whether the reader is exhausted.
+    // Determine whether the reader is exhausted, but allow trailing null bytes, which some zip
    // implementations incorrectly include.
    if !skip_validation {
-        let mut buffer = [0; 1];
+        let mut has_trailing_bytes = false;
-        if reader.read(&mut buffer).await.map_err(Error::Io)? > 0 {
+        let mut buf = [0u8; 256];
-            // If the buffer contains a single null byte, ignore it.
+        loop {
-            if buffer[0] == 0 {
+            let n = reader.read(&mut buf).await.map_err(Error::Io)?;
-                if reader.read(&mut buffer).await.map_err(Error::Io)? > 0 {
+            if n == 0 {
-                    return Err(Error::TrailingContents);
+                if has_trailing_bytes {
                    warn!("Ignoring trailing null bytes in ZIP archive");
                }
-
+                break;
-                warn!("Ignoring trailing null byte in ZIP archive");
+            }
            for &b in &buf[..n] {
                if b == 0 {
                    has_trailing_bytes = true;
                } else {
                    return Err(Error::TrailingContents);
                }
            }
        }
    }
    Ok(())
 }