fix: GZIP compression compatibility for empty responses

[w1am]

User description

The previous implementation incorrectly used a Static Huffman block header (BTYPE=01) while also including LEN/NLEN fields, which only apply to Stored blocks (BTYPE=00). This produced an invalid DEFLATE structure that some gRPC clients accepted due to lenient parsing, while stricter implementations (Python grpcio) rejected it.

This PR switches from static Huffman encoding to stored block format for empty payloads. Stored format is more explicit and ensures broader compatibility across strict and lenient GZIP parsers.

---

Auto-created Ticket

#5481

PR Type

Bug fix

---

Description

• Fixed DEFLATE block structure for empty GZIP payloads

• Changed from invalid static Huffman format to stored block format

• Ensures compatibility with strict GZIP parsers like Python grpcio

• Added RFC compliance comments for clarity

---

Diagram Walkthrough

flowchart LR
  A["Invalid DEFLATE<br/>Static Huffman + LEN/NLEN"] -->|"Fix"| B["Valid DEFLATE<br/>Stored Block Format"]
  B -->|"Result"| C["Strict Parser<br/>Compatibility"]

Loading

File Walkthrough

Relevant files

Bug fix

Rfc1952GzipCompressionProvider.cs Correct DEFLATE stored block format for empty payload        src/KurrentDB.Common/Compression/Rfc1952GzipCompressionProvider.cs Corrected DEFLATE block header from 0x03 to 0x01 (BFINAL=1, BTYPE=00) Fixed NLEN field from 0x0000 to 0xFFFF (proper one's complement of 0) Added RFC 1952 and RFC 1951 section comments for documentation Maintains identical GZIP header and footer structure +8/-2

---

[w1am]

/review

[qodo-code-review]

PR Compliance Guide 🔍

(Compliance updated until commit 5c34a36)

Below is a summary of compliance checks for this PR:

Security Compliance
🟢	No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
🟢	🎫 #5481 🟢 Switch the empty-payload DEFLATE block to the stored block format (BTYPE=00) with the correct BFINAL flag. Fix NLEN to be the one's complement of LEN (use 0xFFFF when LEN is 0). Add RFC documentation comments referencing RFC 1952 (GZIP) and RFC 1951 (DEFLATE).
Codebase Duplication Compliance
🟢	No codebase code duplication found No new components were introduced in the PR code
Custom Compliance
🟢	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Passed Learn more about managing compliance generic rules or creating your own custom rules

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

---

Previous compliance checks

Compliance check up to commit 37e2bcb

Security Compliance
🟢	No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
🟢	No codebase code duplication found No new components were introduced in the PR code
Custom Compliance
🟢	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Passed Learn more about managing compliance generic rules or creating your own custom rules

[qodo-code-review]

ⓘ Your approaching your monthly quota for Qodo. Upgrade your plan

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

🎫 Ticket compliance analysis 🔶 5481 - Partially compliant Compliant requirements: Use stored DEFLATE block format (BTYPE=00) with BFINAL set for an empty payload Correct NLEN to 0xFFFF for LEN=0 Add RFC 1952 and RFC 1951 documentation comments Non-compliant requirements: Requires further human verification: Validate interoperability with strict GZIP/DEFLATE parsers (e.g., Python grpcio, and ideally a couple other implementations) by exercising an actual empty gRPC response end-to-end.

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪

🧪 No relevant tests

🔒 No security concerns identified

⚡ Recommended focus areas for review Spec compliance For a stored DEFLATE block, the 3-bit header must be followed by padding to the next byte boundary before LEN/NLEN. The chosen header byte 0x01 appears to encode BFINAL=1, BTYPE=00 with zero padding, but this should be validated against a strict inflater to ensure the bit/byte alignment is correct in practice. // DEFLATE Block (RFC 1951) 0x01, // BFINAL=1, BTYPE=00 (stored/no compression) 0x00, 0x00, // LEN = 0 0xff, 0xff, // NLEN = 0xFFFF (one's complement of 0) Allocation/perf EmptyGzip is a property returning new byte[], which can allocate a new array each access. If this path is hit frequently, consider making it a static readonly byte[] (or caching the ReadOnlyMemory<byte>) to avoid repeated allocations. static ReadOnlyMemory<byte> EmptyGzip => new byte[] { // GZIP Header (RFC 1952) 0x1f, 0x8b, // Magic number 0x08, // Compression method: deflate 0x00, // Flags: none 0x00, 0x00, 0x00, 0x00, // Modification time: 0 (unknown) 0x00, // Extra flags: none 0xff, // Operating system: unknown (255) // DEFLATE Block (RFC 1951) 0x01, // BFINAL=1, BTYPE=00 (stored/no compression) 0x00, 0x00, // LEN = 0 0xff, 0xff, // NLEN = 0xFFFF (one's complement of 0) // GZIP Footer (RFC 1952) 0x00, 0x00, 0x00, 0x00, // CRC-32 for empty data 0x00, 0x00, 0x00, 0x00 // Size: 0 bytes Missing tests The change is correctness/interop-focused; adding a test that inflates/parses EmptyGzip with a strict implementation (or at least validates the DEFLATE block structure and that decompression yields empty output) would prevent regressions. // See RFC 1952 (https://datatracker.ietf.org/doc/html/rfc1952) static ReadOnlyMemory<byte> EmptyGzip => new byte[] { // GZIP Header (RFC 1952) 0x1f, 0x8b, // Magic number 0x08, // Compression method: deflate 0x00, // Flags: none 0x00, 0x00, 0x00, 0x00, // Modification time: 0 (unknown) 0x00, // Extra flags: none 0xff, // Operating system: unknown (255) // DEFLATE Block (RFC 1951) 0x01, // BFINAL=1, BTYPE=00 (stored/no compression) 0x00, 0x00, // LEN = 0 0xff, 0xff, // NLEN = 0xFFFF (one's complement of 0) // GZIP Footer (RFC 1952) 0x00, 0x00, 0x00, 0x00, // CRC-32 for empty data 0x00, 0x00, 0x00, 0x00 // Size: 0 bytes

📄 References No matching references available

[qodo-code-review]

ⓘ Your approaching your monthly quota for Qodo. Upgrade your plan

PR Code Suggestions ✨

No code suggestions found for the PR.

[cloudflare-workers-and-pages]

Deploying eventstore with    Cloudflare Pages

Latest commit:	5c34a36
Status:	✅  Deploy successful!
Preview URL:	https://7cd86c0a.eventstore.pages.dev
Branch Preview URL:	https://w1am-fix-gzip-compression-co.eventstore.pages.dev

View logs