
yauzl


Comparing version 3.1.0 to 3.1.1

48

index.js

@@ -108,4 +108,5 @@ var fs = require("fs");

var eocdrWithoutCommentSize = 22;
var zip64EocdlSize = 20; // Zip64 end of central directory locator
var maxCommentSize = 0xffff; // 2-byte size
var bufferSize = Math.min(eocdrWithoutCommentSize + maxCommentSize, totalSize);
var bufferSize = Math.min(zip64EocdlSize + eocdrWithoutCommentSize + maxCommentSize, totalSize);
var buffer = newBuffer(bufferSize);

@@ -123,5 +124,2 @@ var bufferReadStart = totalSize - buffer.length;

var diskNumber = eocdrBuffer.readUInt16LE(4);
if (diskNumber !== 0) {
return callback(new Error("multi-disk zip files are not supported: found disk number: " + diskNumber));
}
// 6 - Disk where central directory starts

@@ -138,3 +136,3 @@ // 8 - Number of central directory records on this disk

if (commentLength !== expectedCommentLength) {
return callback(new Error("invalid comment length. expected: " + expectedCommentLength + ". found: " + commentLength));
return callback(new Error("Invalid comment length. Expected: " + expectedCommentLength + ". Found: " + commentLength + ". Are there extra bytes at the end of the file? Or is the end of central dir signature `PK☺☻` in the comment?"));
}

@@ -146,18 +144,7 @@ // 22 - Comment

if (!(entryCount === 0xffff || centralDirectoryOffset === 0xffffffff)) {
return callback(null, new ZipFile(reader, centralDirectoryOffset, totalSize, entryCount, comment, options.autoClose, options.lazyEntries, decodeStrings, options.validateEntrySizes, options.strictFileNames));
}
// ZIP64 format
// ZIP64 Zip64 end of central directory locator
var zip64EocdlBuffer = newBuffer(20);
var zip64EocdlOffset = bufferReadStart + i - zip64EocdlBuffer.length;
readAndAssertNoEof(reader, zip64EocdlBuffer, 0, zip64EocdlBuffer.length, zip64EocdlOffset, function(err) {
if (err) return callback(err);
// Look for a Zip64 end of central directory locator
if (i - zip64EocdlSize >= 0 && buffer.readUInt32LE(i - zip64EocdlSize) === 0x07064b50) {
// ZIP64 format
var zip64EocdlBuffer = buffer.subarray(i - zip64EocdlSize, i - zip64EocdlSize + zip64EocdlSize);
// 0 - zip64 end of central dir locator signature = 0x07064b50
if (zip64EocdlBuffer.readUInt32LE(0) !== 0x07064b50) {
return callback(new Error("invalid zip64 end of central directory locator signature"));
}
// 4 - number of the disk with the start of the zip64 end of central directory

@@ -170,3 +157,3 @@ // 8 - relative offset of the zip64 end of central directory record

var zip64EocdrBuffer = newBuffer(56);
readAndAssertNoEof(reader, zip64EocdrBuffer, 0, zip64EocdrBuffer.length, zip64EocdrOffset, function(err) {
return readAndAssertNoEof(reader, zip64EocdrBuffer, 0, zip64EocdrBuffer.length, zip64EocdrOffset, function(err) {
if (err) return callback(err);

@@ -182,2 +169,7 @@

// 16 - number of this disk 4 bytes
diskNumber = zip64EocdrBuffer.readUInt32LE(16);
if (diskNumber !== 0) {
// Check this only after zip64 overrides. See #118.
return callback(new Error("multi-disk zip files are not supported: found disk number: " + diskNumber));
}
// 20 - number of the disk with the start of the central directory 4 bytes

@@ -193,6 +185,14 @@ // 24 - total number of entries in the central directory on this disk 8 bytes

});
});
return;
}
// Not ZIP64 format
if (diskNumber !== 0) {
return callback(new Error("multi-disk zip files are not supported: found disk number: " + diskNumber));
}
return callback(null, new ZipFile(reader, centralDirectoryOffset, totalSize, entryCount, comment, options.autoClose, options.lazyEntries, decodeStrings, options.validateEntrySizes, options.strictFileNames));
}
callback(new Error("end of central directory record signature not found"));
// Not a zip file.
callback(new Error("End of central directory record signature not found. Either not a zip file, or file is truncated."));
});

@@ -199,0 +199,0 @@ }
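Review bot: The ZIP64 branch now appears to be selected by the locator signature alone (`buffer.readUInt32LE(i - zip64EocdlSize) === 0x07064b50`), with the earlier `entryCount === 0xffff || centralDirectoryOffset === 0xffffffff` test seemingly dropped. A non-ZIP64 archive whose central directory holds those four bytes 20 bytes before the end of central directory record is therefore read as ZIP64 here, while a parser that keys on the sentinel values would read it as plain ZIP. That disagreement matters wherever one tool inspects an archive and a different one extracts it; the README addition covers it for users, but the branch itself deserves a comment such as `// Signature match alone selects ZIP64; other zip parsers may classify the same file differently (see README, "How Ambiguities Are Handled").` The slice on the following line also reduces to `buffer.subarray(i - zip64EocdlSize, i)`. The page has lost its +/- markers and the enclosing function starts and ends outside the visible hunks, so the old/new reading here is inferred from the duplicated lines.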

{
"name": "yauzl",
"version": "3.1.0",
"version": "3.1.1",
"description": "yet another unzip library for node",

@@ -5,0 +5,0 @@ "engines": {

@@ -757,4 +757,14 @@ # yauzl

### How Ambiguities Are Handled
The zip file specification has several ambiguities inherent in its design. Yikes!
* The `.ZIP file comment` must not contain the `end of central dir signature` bytes `50 4b 05 06`. This corresponds to the text `"PK☺☻"` in CP437. While this is allowed by the specification, yauzl will hopefully reject this situation with an "Invalid comment length" error. However, in some situations unpredictable incorrect behavior will ensue, which will probably manifest in either an invalid signature error or some kind of bounds check error, such as "Unexpected EOF".
* In non-ZIP64 files, the last central directory header must not have the bytes `50 4b 06 07` (`"PK♠•"` in CP437) exactly 20 bytes from its end, which might be in the `file name`, the `extra field`, or the `file comment`. The presence of these bytes indicates that this is a ZIP64 file.
## Change History
* 3.1.1
* Fixed handling non-64 bit files that actually have exactly 0xffff or 0xffffffff values in End of Central Directory Record. This fixes erroneous "invalid zip64 end of central directory locator signature" errors. [issue #108](https://github.com/thejoshwolfe/yauzl/pull/108)
* Fixed handling of 64-bit zip files that put 0xffff or 0xffffffff in every field overridden in the Zip64 end of central directory record even if the value would have fit without overflow. In particular, this fixes an incorrect "multi-disk zip files are not supported" error. [pull #118](https://github.com/thejoshwolfe/yauzl/pull/118)
* 3.1.0

@@ -761,0 +771,0 @@ * Added `readLocalFileHeader()` and `Class: LocalFileHeader`.
