This fixes a debug assertion failure discovered by the ZipArchiveFuzzer when processing malformed ZIP files with truncated Zip64 End of Central Directory Locator blocks.

Problem

The assertion failure occurred in Zip64EndOfCentralDirectoryLocator.TryReadBlock() with the message:

zip64eocdLocatorProper && zip64EOCDLocator != null

The issue was that the code assumed if ZipHelper.SeekBackwardsToSignature() successfully found a Zip64 EOCD Locator signature, then the complete block must be readable. However, malformed or truncated ZIP files (like those generated by fuzzers) can contain valid 4-byte signatures but insufficient remaining data to read the full block structure.

Solution

Replaced the problematic Debug.Assert with proper error handling that throws an InvalidDataException when the block cannot be read completely. This change was applied to both the synchronous and asynchronous versions of the method:

• Zip64EndOfCentralDirectoryLocator.TryReadBlock() in ZipBlocks.cs
• Zip64EndOfCentralDirectoryLocator.TryReadBlockAsync() in ZipBlocks.Async.cs

Testing

• Added a new test case ZipArchive_FuzzerCrashInput_Zip64EOCDLocatorInsufficientData that reproduces the original crash input
• Verified all existing System.IO.Compression tests continue to pass (1327 tests, 0 failures)
• Manually tested that the exact crash input from the fuzzer now throws appropriate exceptions instead of crashing

The fix ensures that malformed ZIP files are handled gracefully with proper error reporting rather than triggering assertion failures in debug builds.

Fixes #117147.

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.