From 08e569f68be0919dcab2e78f2b072862dcd5c98e Mon Sep 17 00:00:00 2001
From: Peter Zmanovsky <48548636+peter15914@users.noreply.github.com>
Date: Thu, 24 Oct 2024 01:15:34 +0500
Subject: [PATCH 1/3] Avoid IndexOutOfRangeException in ZipArchive

---
 .../src/System/IO/Compression/DeflateManaged/HuffmanTree.cs | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/libraries/System.IO.Compression/src/System/IO/Compression/DeflateManaged/HuffmanTree.cs b/src/libraries/System.IO.Compression/src/System/IO/Compression/DeflateManaged/HuffmanTree.cs
index f2262caad22986..a4f1f621df37ee 100644
--- a/src/libraries/System.IO.Compression/src/System/IO/Compression/DeflateManaged/HuffmanTree.cs
+++ b/src/libraries/System.IO.Compression/src/System/IO/Compression/DeflateManaged/HuffmanTree.cs
@@ -247,6 +247,12 @@ private void CreateTable()
                             }
                             index = -value; // go to next node
 
+                            if (index >= array.Length)
+                            {
+                                // prevent an IndexOutOfRangeException from array[index]
+                                throw new InvalidDataException(SR.InvalidHuffmanData);
+                            }
+
                             codeBitMask <<= 1;
                             overflowBits--;
                         } while (overflowBits != 0);

From 92304074438ac4a7fd9650733ba9bd36ae36ff97 Mon Sep 17 00:00:00 2001
From: peter15914 <48548636+peter15914@users.noreply.github.com>
Date: Sat, 23 Nov 2024 16:48:33 +0500
Subject: [PATCH 2/3] Add Sys.IO.Compression test

Add test to cover problem with invalid zip file.
Currently an IndexOutOfRangeException is thrown when invalid zip file is opened with ZipArchive.
---
 .../zip_InvalidParametersAndStrangeFiles.cs      | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/src/libraries/System.IO.Compression/tests/ZipArchive/zip_InvalidParametersAndStrangeFiles.cs b/src/libraries/System.IO.Compression/tests/ZipArchive/zip_InvalidParametersAndStrangeFiles.cs
index 87695ad071edff..2aab6874d7b4ac 100644
--- a/src/libraries/System.IO.Compression/tests/ZipArchive/zip_InvalidParametersAndStrangeFiles.cs
+++ b/src/libraries/System.IO.Compression/tests/ZipArchive/zip_InvalidParametersAndStrangeFiles.cs
@@ -871,6 +871,22 @@ public void ReadArchive_WithDiskStartNumberGreaterThanIntMax()
             Assert.Null(exception);
         }
 
+        [Theory]
+        [InlineData("HuffmanTreeException.zip")]
+        public static async Task ZipArchive_InvalidHuffmanData(string zipname)
+        {
+            string filename = bad(zipname);
+            using (ZipArchive archive = new ZipArchive(await StreamHelpers.CreateTempCopyStream(filename), ZipArchiveMode.Read))
+            {
+                ZipArchiveEntry e = archive.Entries[0];
+                using (MemoryStream ms = new MemoryStream())
+                using (Stream s = e.Open())
+                {
+                    Assert.Throws<InvalidDataException>(() => s.CopyTo(ms)); //"Should throw on creating Huffman tree"
+                }
+            }
+        }
+
         private static readonly byte[] s_slightlyIncorrectZip64 =
         {
             // ===== Local file header signature 0x04034b50

From 94bc3e4106eb1310c8473ac4fb6a0bab4ed5a768 Mon Sep 17 00:00:00 2001
From: Peter Zmanovsky <48548636+peter15914@users.noreply.github.com>
Date: Wed, 18 Dec 2024 15:50:19 +0500
Subject: [PATCH 3/3] Update Add Sys.IO.Compression test

Change "Theory" to "Fact"

Co-authored-by: Eric StJohn <ericstj@microsoft.com>
---
 .../ZipArchive/zip_InvalidParametersAndStrangeFiles.cs | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/libraries/System.IO.Compression/tests/ZipArchive/zip_InvalidParametersAndStrangeFiles.cs b/src/libraries/System.IO.Compression/tests/ZipArchive/zip_InvalidParametersAndStrangeFiles.cs
index 2aab6874d7b4ac..1bb8b2a113b05a 100644
--- a/src/libraries/System.IO.Compression/tests/ZipArchive/zip_InvalidParametersAndStrangeFiles.cs
+++ b/src/libraries/System.IO.Compression/tests/ZipArchive/zip_InvalidParametersAndStrangeFiles.cs
@@ -871,11 +871,13 @@ public void ReadArchive_WithDiskStartNumberGreaterThanIntMax()
             Assert.Null(exception);
         }
 
-        [Theory]
-        [InlineData("HuffmanTreeException.zip")]
-        public static async Task ZipArchive_InvalidHuffmanData(string zipname)
+        /// <summary>
+        /// This test checks that an InvalidDataException will be thrown when consuming a zip with bad Huffman data.
+        /// </summary>
+        [Fact]
+        public static async Task ZipArchive_InvalidHuffmanData()
         {
-            string filename = bad(zipname);
+            string filename = bad("HuffmanTreeException.zip");
             using (ZipArchive archive = new ZipArchive(await StreamHelpers.CreateTempCopyStream(filename), ZipArchiveMode.Read))
             {
                 ZipArchiveEntry e = archive.Entries[0];