validate ZIP central directory and throw on corruption

The readCentralDir() scan for the End-of-Central-Directory signature
silently fell through when it was missing, leaving the file pointer
past EOF and feeding null to unpack(). That surfaced as PHP warnings
("unpack(): Type V: not enough input") rather than a meaningful error.

Detect both the missing EOCD signature and a failed unpack() and raise
ArchiveCorruptedException instead, matching the error handling used
elsewhere in the package. Added tests covering a non-ZIP payload and
a file too short to hold an EOCD record.

Author: claude

src/Zip.php

@@ -89,6 +89,7 @@ public function contents()
      *
      * @see contents()
      * @throws ArchiveIOException
+     * @throws ArchiveCorruptedException
      * @return FileInfo[]
      */
     public function yieldContents()
@@ -129,6 +130,7 @@ public function yieldContents()
      * @param string     $exclude a regular expression of files to exclude
      * @param string     $include a regular expression of files to include
      * @throws ArchiveIOException
+     * @throws ArchiveCorruptedException
      * @return FileInfo[]
      */
     public function extract($outdir, $strip = '', $exclude = '', $include = '')
@@ -538,6 +540,7 @@ public function save($file)
      * This key-value list contains general information about the ZIP file
      *
      * @return array
+     * @throws ArchiveCorruptedException when the file is not a valid ZIP archive
      */
     protected function readCentralDir()
     {
@@ -551,20 +554,33 @@ protected function readCentralDir()
         @fseek($this->fh, $size - $maximum_size);
         $pos   = ftell($this->fh);
         $bytes = 0x00000000;
+        $found = false;
 
         while ($pos < $size) {
             $byte  = @fread($this->fh, 1);
             $bytes = (($bytes << 8) & 0xFFFFFFFF) | ord($byte);
             if ($bytes == 0x504b0506) {
+                $found = true;
                 break;
             }
             $pos++;
         }
 
+        if (!$found) {
+            throw new ArchiveCorruptedException(
+                'End of central directory signature not found - not a valid ZIP file'
+            );
+        }
+
         $data = unpack(
             'vdisk/vdisk_start/vdisk_entries/ventries/Vsize/Voffset/vcomment_size',
             fread($this->fh, 18)
         );
+        if ($data === false) {
+            throw new ArchiveCorruptedException(
+                'Could not read end of central directory record'
+            );
+        }
 
         if ($data['comment_size'] != 0) {
             $centd['comment'] = fread($this->fh, $data['comment_size']);

tests/ZipTestCase.php

@@ -52,6 +52,41 @@ public function testMissing()
         $tar->open('nope.zip');
     }
 
+    /**
+     * Feeding a file without an End-of-Central-Directory signature must raise
+     * ArchiveCorruptedException, not bubble up PHP warnings from unpack().
+     */
+    public function testNotAZip()
+    {
+        $tmp = tempnam(sys_get_temp_dir(), 'phpa-bad-');
+        file_put_contents($tmp, str_repeat('this is not a zip file ', 50));
+        try {
+            $zip = new Zip();
+            $zip->open($tmp);
+            $this->expectException(ArchiveCorruptedException::class);
+            iterator_to_array($zip->yieldContents());
+        } finally {
+            @unlink($tmp);
+        }
+    }
+
+    /**
+     * A truncated file (smaller than the EOCD record) must also fail cleanly.
+     */
+    public function testTruncatedFile()
+    {
+        $tmp = tempnam(sys_get_temp_dir(), 'phpa-trunc-');
+        file_put_contents($tmp, "PK\x03\x04");
+        try {
+            $zip = new Zip();
+            $zip->open($tmp);
+            $this->expectException(ArchiveCorruptedException::class);
+            iterator_to_array($zip->yieldContents());
+        } finally {
+            @unlink($tmp);
+        }
+    }
+
     /**
      * simple test that checks that the given filenames and contents can be grepped from
      * the uncompressed zip stream