fix: UnexpectedEof on truncated input (#412)

baszalmstra · claude · web-flow · commit e6b38196eb8a · 2025-11-05T20:54:16.000Z
* Add generic truncated stream test to all decoders Added a generic truncated stream test to the test_cases! macro that automatically tests all decoders (bzip2, gzip, deflate, zlib, xz, lzma, lz4, zstd, brotli) for proper handling of incomplete streams. The test compresses data, truncates it, then attempts decompression. Decoders should return UnexpectedEof errors for truncated streams instead of silently accepting incomplete data. This test currently fails for bzip2, lz4, and zstd decoders, which will be fixed in subsequent commits. * Fix BzDecoder to propagate UnexpectedEof error on truncated streams Fixes #411 The async BzDecoder was silently accepting truncated bzip2 streams, returning Ok(0) instead of raising an error. This contrasts with the synchronous bzip2::read::BzDecoder which properly returns an UnexpectedEof error. Added state tracking to BzDecoder: - Added stream_ended field to track if Status::StreamEnd was received - Modified decode() to set stream_ended = true on Status::StreamEnd - Updated finish() to check stream_ended and return UnexpectedEof if false This ensures applications cannot accidentally accept corrupted or incomplete compressed data as valid, matching the behavior of the synchronous decoder. The generic truncated test now passes for bzip2. * Fix Lz4Decoder to propagate UnexpectedEof error on truncated streams The LZ4 decoder was silently accepting truncated streams by not validating stream completion in finish(). This issue was discovered by the generic truncated stream test. Added state tracking to Lz4Decoder: - Added stream_ended field to track if remaining == 0 was seen - Modified decode() to set stream_ended = true when stream completes - Updated finish() to check stream_ended and return UnexpectedEof if false This matches the behavior of other decoders (bzip2, gzip, etc.) and ensures applications cannot accidentally accept corrupted or incomplete LZ4 data as valid. The generic truncated test now passes for LZ4. * Fix ZstdDecoder to propagate UnexpectedEof error on truncated streams The Zstd decoder was silently accepting truncated streams by not validating stream completion in finish(). This issue was discovered by the generic truncated stream test. Added state tracking to ZstdDecoder: - Added stream_ended field to track if remaining == 0 was seen - Modified decode() to set stream_ended = true when stream completes - Updated finish() to check stream_ended and return UnexpectedEof if false - Updated all constructors to initialize stream_ended = false This matches the behavior of other decoders (bzip2, gzip, lz4, etc.) and ensures applications cannot accidentally accept corrupted or incomplete zstd data as valid. The generic truncated test now passes for Zstd. --------- Co-authored-by: Claude <noreply@anthropic.com>
diff --git a/crates/async-compression/tests/utils/test_cases.rs b/crates/async-compression/tests/utils/test_cases.rs
@@ -231,6 +231,26 @@ macro_rules! io_test_cases {
 
                         assert_eq!(output, &[1, 2, 3, 4, 5, 6, 6, 5, 4, 3, 2, 1][..]);
                     }
+
+                    #[test]
+                    #[ntest::timeout(1000)]
+                    fn truncated() {
+                        let compressed = sync::compress(&[1, 2, 3, 4, 5, 6]);
+
+                        // Truncate the compressed data (remove last 20 bytes or half, whichever is less)
+                        let truncate_amount = std::cmp::min(20, compressed.len() / 2);
+                        let truncated = &compressed[..compressed.len() - truncate_amount];
+
+                        let input = InputStream::new(vec![truncated.to_vec()]);
+
+                        // Try to decompress - should get an error for incomplete stream
+                        // The error manifests as a panic when read::to_vec calls unwrap()
+                        let result =
+                            std::panic::catch_unwind(|| bufread::decompress(bufread::from(&input)));
+
+                        // Should fail for truncated stream
+                        assert!(result.is_err(), "Expected error for truncated stream");
+                    }
                 }
             }
 
diff --git a/crates/compression-codecs/src/bzip2/decoder.rs b/crates/compression-codecs/src/bzip2/decoder.rs
@@ -5,6 +5,7 @@ use std::{fmt, io};
 
 pub struct BzDecoder {
     decompress: Decompress,
+    stream_ended: bool,
 }
 
 impl fmt::Debug for BzDecoder {
@@ -22,6 +23,7 @@ impl Default for BzDecoder {
     fn default() -> Self {
         Self {
             decompress: Decompress::new(false),
+            stream_ended: false,
         }
     }
 }
@@ -49,13 +51,19 @@ impl BzDecoder {
         input.advance((self.decompress.total_in() - prior_in) as usize);
         output.advance((self.decompress.total_out() - prior_out) as usize);
 
+        // Track when stream has properly ended
+        if status == Status::StreamEnd {
+            self.stream_ended = true;
+        }
+
         Ok(status)
     }
 }
 
 impl DecodeV2 for BzDecoder {
     fn reinit(&mut self) -> io::Result<()> {
         self.decompress = Decompress::new(false);
+        self.stream_ended = false;
         Ok(())
     }
 
@@ -101,6 +109,13 @@ impl DecodeV2 for BzDecoder {
     }
 
     fn finish(&mut self, _output: &mut WriteBuffer<'_>) -> io::Result<bool> {
-        Ok(true)
+        if self.stream_ended {
+            Ok(true)
+        } else {
+            Err(io::Error::new(
+                io::ErrorKind::UnexpectedEof,
+                "bzip2 stream did not finish",
+            ))
+        }
     }
 }
diff --git a/crates/compression-codecs/src/lz4/decoder.rs b/crates/compression-codecs/src/lz4/decoder.rs
@@ -17,6 +17,7 @@ struct DecoderContext {
 #[derive(Debug)]
 pub struct Lz4Decoder {
     ctx: Unshared<DecoderContext>,
+    stream_ended: bool,
 }
 
 impl DecoderContext {
@@ -37,6 +38,7 @@ impl Default for Lz4Decoder {
     fn default() -> Self {
         Self {
             ctx: Unshared::new(DecoderContext::new().unwrap()),
+            stream_ended: false,
         }
     }
 }
@@ -50,6 +52,7 @@ impl Lz4Decoder {
 impl DecodeV2 for Lz4Decoder {
     fn reinit(&mut self) -> Result<()> {
         unsafe { LZ4F_resetDecompressionContext(self.ctx.get_mut().ctx) };
+        self.stream_ended = false;
         Ok(())
     }
 
@@ -74,7 +77,12 @@ impl DecodeV2 for Lz4Decoder {
         };
         input.advance(input_size);
         output.advance(output_size);
-        Ok(remaining == 0)
+
+        let finished = remaining == 0;
+        if finished {
+            self.stream_ended = true;
+        }
+        Ok(finished)
     }
 
     fn flush(&mut self, output: &mut WriteBuffer<'_>) -> Result<bool> {
@@ -92,6 +100,15 @@ impl DecodeV2 for Lz4Decoder {
     }
 
     fn finish(&mut self, output: &mut WriteBuffer<'_>) -> Result<bool> {
-        self.flush(output)
+        self.flush(output)?;
+
+        if self.stream_ended {
+            Ok(true)
+        } else {
+            Err(std::io::Error::new(
+                std::io::ErrorKind::UnexpectedEof,
+                "lz4 stream did not finish",
+            ))
+        }
     }
 }
diff --git a/crates/compression-codecs/src/zstd/decoder.rs b/crates/compression-codecs/src/zstd/decoder.rs
@@ -13,12 +13,14 @@ use zstd_safe::get_error_name;
 #[derive(Debug)]
 pub struct ZstdDecoder {
     decoder: Unshared<Decoder<'static>>,
+    stream_ended: bool,
 }
 
 impl Default for ZstdDecoder {
     fn default() -> Self {
         Self {
             decoder: Unshared::new(Decoder::new().unwrap()),
+            stream_ended: false,
         }
     }
 }
@@ -35,13 +37,15 @@ impl ZstdDecoder {
         }
         Self {
             decoder: Unshared::new(decoder),
+            stream_ended: false,
         }
     }
 
     pub fn new_with_dict(dictionary: &[u8]) -> io::Result<Self> {
         let decoder = Decoder::with_dictionary(dictionary)?;
         Ok(Self {
             decoder: Unshared::new(decoder),
+            stream_ended: false,
         })
     }
 
@@ -64,6 +68,7 @@ impl ZstdDecoder {
 impl DecodeV2 for ZstdDecoder {
     fn reinit(&mut self) -> Result<()> {
         self.decoder.get_mut().reinit()?;
+        self.stream_ended = false;
         Ok(())
     }
 
@@ -80,15 +85,32 @@ impl DecodeV2 for ZstdDecoder {
             .run_on_buffers(input.unwritten(), output.unwritten_initialized_mut())?;
         input.advance(status.bytes_read);
         output.advance(status.bytes_written);
-        Ok(status.remaining == 0)
+
+        let finished = status.remaining == 0;
+        if finished {
+            self.stream_ended = true;
+        }
+        Ok(finished)
     }
 
     fn flush(&mut self, output: &mut WriteBuffer<'_>) -> Result<bool> {
+        // Note: stream_ended is not updated here because zstd's flush only flushes
+        // buffered output and doesn't indicate stream completion. Stream completion
+        // is detected in decode() when status.remaining == 0.
         self.call_fn_on_out_buffer(output, |decoder, out_buf| decoder.flush(out_buf))
     }
 
     fn finish(&mut self, output: &mut WriteBuffer<'_>) -> Result<bool> {
-        self.call_fn_on_out_buffer(output, |decoder, out_buf| decoder.finish(out_buf, true))
+        self.call_fn_on_out_buffer(output, |decoder, out_buf| decoder.finish(out_buf, true))?;
+
+        if self.stream_ended {
+            Ok(true)
+        } else {
+            Err(io::Error::new(
+                io::ErrorKind::UnexpectedEof,
+                "zstd stream did not finish",
+            ))
+        }
     }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,7 @@ use std::{fmt, io};`
`5`	`5`
`6`	`6`	`pub struct BzDecoder {`
`7`	`7`	`decompress: Decompress,`
	`8`	`+ stream_ended: bool,`
`8`	`9`	`}`
`9`	`10`
`10`	`11`	`impl fmt::Debug for BzDecoder {`
`@@ -22,6 +23,7 @@ impl Default for BzDecoder {`
`22`	`23`	`fn default() -> Self {`
`23`	`24`	`Self {`
`24`	`25`	`decompress: Decompress::new(false),`
	`26`	`+ stream_ended: false,`
`25`	`27`	`}`
`26`	`28`	`}`
`27`	`29`	`}`
`@@ -49,13 +51,19 @@ impl BzDecoder {`
`49`	`51`	`input.advance((self.decompress.total_in() - prior_in) as usize);`
`50`	`52`	`output.advance((self.decompress.total_out() - prior_out) as usize);`
`51`	`53`
	`54`	`+ // Track when stream has properly ended`
	`55`	`+ if status == Status::StreamEnd {`
	`56`	`+ self.stream_ended = true;`
	`57`	`+ }`
	`58`	`+`
`52`	`59`	`Ok(status)`
`53`	`60`	`}`
`54`	`61`	`}`
`55`	`62`
`56`	`63`	`impl DecodeV2 for BzDecoder {`
`57`	`64`	`fn reinit(&mut self) -> io::Result<()> {`
`58`	`65`	`self.decompress = Decompress::new(false);`
	`66`	`+ self.stream_ended = false;`
`59`	`67`	`Ok(())`
`60`	`68`	`}`
`61`	`69`
`@@ -101,6 +109,13 @@ impl DecodeV2 for BzDecoder {`
`101`	`109`	`}`
`102`	`110`
`103`	`111`	`fn finish(&mut self, _output: &mut WriteBuffer<'_>) -> io::Result<bool> {`
`104`		`- Ok(true)`
	`112`	`+ if self.stream_ended {`
	`113`	`+ Ok(true)`
	`114`	`+ } else {`
	`115`	`+ Err(io::Error::new(`
	`116`	`+ io::ErrorKind::UnexpectedEof,`
	`117`	`+ "bzip2 stream did not finish",`
	`118`	`+ ))`
	`119`	`+ }`
`105`	`120`	`}`
`106`	`121`	`}`
Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,7 @@ struct DecoderContext {`
`17`	`17`	`#[derive(Debug)]`
`18`	`18`	`pub struct Lz4Decoder {`
`19`	`19`	`ctx: Unshared<DecoderContext>,`
	`20`	`+ stream_ended: bool,`
`20`	`21`	`}`
`21`	`22`
`22`	`23`	`impl DecoderContext {`
`@@ -37,6 +38,7 @@ impl Default for Lz4Decoder {`
`37`	`38`	`fn default() -> Self {`
`38`	`39`	`Self {`
`39`	`40`	`ctx: Unshared::new(DecoderContext::new().unwrap()),`
	`41`	`+ stream_ended: false,`
`40`	`42`	`}`
`41`	`43`	`}`
`42`	`44`	`}`
`@@ -50,6 +52,7 @@ impl Lz4Decoder {`
`50`	`52`	`impl DecodeV2 for Lz4Decoder {`
`51`	`53`	`fn reinit(&mut self) -> Result<()> {`
`52`	`54`	`unsafe { LZ4F_resetDecompressionContext(self.ctx.get_mut().ctx) };`
	`55`	`+ self.stream_ended = false;`
`53`	`56`	`Ok(())`
`54`	`57`	`}`
`55`	`58`
`@@ -74,7 +77,12 @@ impl DecodeV2 for Lz4Decoder {`
`74`	`77`	`};`
`75`	`78`	`input.advance(input_size);`
`76`	`79`	`output.advance(output_size);`
`77`		`- Ok(remaining == 0)`
	`80`	`+`
	`81`	`+ let finished = remaining == 0;`
	`82`	`+ if finished {`
	`83`	`+ self.stream_ended = true;`
	`84`	`+ }`
	`85`	`+ Ok(finished)`
`78`	`86`	`}`
`79`	`87`
`80`	`88`	`fn flush(&mut self, output: &mut WriteBuffer<'_>) -> Result<bool> {`
`@@ -92,6 +100,15 @@ impl DecodeV2 for Lz4Decoder {`
`92`	`100`	`}`
`93`	`101`
`94`	`102`	`fn finish(&mut self, output: &mut WriteBuffer<'_>) -> Result<bool> {`
`95`		`- self.flush(output)`
	`103`	`+ self.flush(output)?;`
	`104`	`+`
	`105`	`+ if self.stream_ended {`
	`106`	`+ Ok(true)`
	`107`	`+ } else {`
	`108`	`+ Err(std::io::Error::new(`
	`109`	`+ std::io::ErrorKind::UnexpectedEof,`
	`110`	`+ "lz4 stream did not finish",`
	`111`	`+ ))`
	`112`	`+ }`
`96`	`113`	`}`
`97`	`114`	`}`
Original file line number	Diff line number	Diff line change
`@@ -13,12 +13,14 @@ use zstd_safe::get_error_name;`
`13`	`13`	`#[derive(Debug)]`
`14`	`14`	`pub struct ZstdDecoder {`
`15`	`15`	`decoder: Unshared<Decoder<'static>>,`
	`16`	`+ stream_ended: bool,`
`16`	`17`	`}`
`17`	`18`
`18`	`19`	`impl Default for ZstdDecoder {`
`19`	`20`	`fn default() -> Self {`
`20`	`21`	`Self {`
`21`	`22`	`decoder: Unshared::new(Decoder::new().unwrap()),`
	`23`	`+ stream_ended: false,`
`22`	`24`	`}`
`23`	`25`	`}`
`24`	`26`	`}`
`@@ -35,13 +37,15 @@ impl ZstdDecoder {`
`35`	`37`	`}`
`36`	`38`	`Self {`
`37`	`39`	`decoder: Unshared::new(decoder),`
	`40`	`+ stream_ended: false,`
`38`	`41`	`}`
`39`	`42`	`}`
`40`	`43`
`41`	`44`	`pub fn new_with_dict(dictionary: &[u8]) -> io::Result<Self> {`
`42`	`45`	`let decoder = Decoder::with_dictionary(dictionary)?;`
`43`	`46`	`Ok(Self {`
`44`	`47`	`decoder: Unshared::new(decoder),`
	`48`	`+ stream_ended: false,`
`45`	`49`	`})`
`46`	`50`	`}`
`47`	`51`
`@@ -64,6 +68,7 @@ impl ZstdDecoder {`
`64`	`68`	`impl DecodeV2 for ZstdDecoder {`
`65`	`69`	`fn reinit(&mut self) -> Result<()> {`
`66`	`70`	`self.decoder.get_mut().reinit()?;`
	`71`	`+ self.stream_ended = false;`
`67`	`72`	`Ok(())`
`68`	`73`	`}`
`69`	`74`
`@@ -80,15 +85,32 @@ impl DecodeV2 for ZstdDecoder {`
`80`	`85`	`.run_on_buffers(input.unwritten(), output.unwritten_initialized_mut())?;`
`81`	`86`	`input.advance(status.bytes_read);`
`82`	`87`	`output.advance(status.bytes_written);`
`83`		`- Ok(status.remaining == 0)`
	`88`	`+`
	`89`	`+ let finished = status.remaining == 0;`
	`90`	`+ if finished {`
	`91`	`+ self.stream_ended = true;`
	`92`	`+ }`
	`93`	`+ Ok(finished)`
`84`	`94`	`}`
`85`	`95`
`86`	`96`	`fn flush(&mut self, output: &mut WriteBuffer<'_>) -> Result<bool> {`
	`97`	`+ // Note: stream_ended is not updated here because zstd's flush only flushes`
	`98`	`+ // buffered output and doesn't indicate stream completion. Stream completion`
	`99`	`+ // is detected in decode() when status.remaining == 0.`
`87`	`100`	`self.call_fn_on_out_buffer(output, \|decoder, out_buf\| decoder.flush(out_buf))`
`88`	`101`	`}`
`89`	`102`
`90`	`103`	`fn finish(&mut self, output: &mut WriteBuffer<'_>) -> Result<bool> {`
`91`		`- self.call_fn_on_out_buffer(output, \|decoder, out_buf\| decoder.finish(out_buf, true))`
	`104`	`+ self.call_fn_on_out_buffer(output, \|decoder, out_buf\| decoder.finish(out_buf, true))?;`
	`105`	`+`
	`106`	`+ if self.stream_ended {`
	`107`	`+ Ok(true)`
	`108`	`+ } else {`
	`109`	`+ Err(io::Error::new(`
	`110`	`+ io::ErrorKind::UnexpectedEof,`
	`111`	`+ "zstd stream did not finish",`
	`112`	`+ ))`
	`113`	`+ }`
`92`	`114`	`}`
`93`	`115`	`}`
`94`	`116`