zlib: reject trailing gzip members in web streams#64023
Open
panva wants to merge 3 commits into
Open
Conversation
Pass the existing rejectGarbageAfterEnd option through to the native zlib context and skip gunzip's concatenated-member loop when it is set. This lets DecompressionStream reject a second gzip member as trailing input while preserving default zlib gunzip behavior. Also make the sync zlib path honor rejectGarbageAfterEnd when native decompression leaves unused input, covering Brotli as well. Fixes: nodejs#58247 Signed-off-by: Filip Skokan <[email protected]>
88f47d2 to
481083c
Compare
Document rejectGarbageAfterEnd as a public decompression option and validate it as a boolean. Add coverage for stream, async convenience, and sync convenience APIs across zlib, gzip, Brotli, and Zstd-backed decompression. Signed-off-by: Filip Skokan <[email protected]>
481083c to
a47d32d
Compare
addaleax
reviewed
Jun 20, 2026
| [convenience methods][]. **Default:** [`buffer.kMaxLength`][] | ||
| * `rejectGarbageAfterEnd` {boolean} If `true`, decompression fails when | ||
| trailing input is detected after the end of the compressed stream. | ||
| **Default:** `false` |
Member
There was a problem hiding this comment.
The docs should be explicit about the fact that this does not just refer to actual "garbage", i.e. unreadable bytes, but also additional gzip streams following the first one.
Member
Author
There was a problem hiding this comment.
If it was me i'd name the option different. But alas i'm just documenting one that was already there unfortunately exposed.
That said i can name it better, suggestion?, and alias one for the other.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pass the existing rejectGarbageAfterEnd option through to the native zlib context and skip gunzip's concatenated-member loop when it is set. This lets DecompressionStream reject a second gzip member as trailing input while preserving default zlib gunzip behavior.
Also make the sync zlib path honor rejectGarbageAfterEnd when native decompression leaves unused input, covering Brotli as well.
Fixes: #58247
Document rejectGarbageAfterEnd as a public decompression option and validate it as a boolean.
Add coverage for stream, async convenience, and sync convenience APIs across zlib, gzip, Brotli, and Zstd-backed decompression.