fix: panic when reading empty extended-timestamp field (#404) (#422)

* fix: panic when reading empty extended-timestamp field (#404)

* Add test assertion message

Co-authored-by: amazon-q-developer[bot] <208079219+amazon-q-developer[bot]@users.noreply.github.com>
Signed-off-by: Chris Hennick <[email protected]>

* Update src/extra_fields/extended_timestamp.rs

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Signed-off-by: Chris Hennick <[email protected]>

* Update src/extra_fields/extended_timestamp.rs

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Signed-off-by: Chris Hennick <[email protected]>

* Simplify test per Gemini suggestion

---------

Signed-off-by: Chris Hennick <[email protected]>
Co-authored-by: amazon-q-developer[bot] <208079219+amazon-q-developer[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

Author: 3 people

src/extra_fields/extended_timestamp.rs

@@ -1,3 +1,4 @@
+use crate::result::invalid;
 use crate::result::{ZipError, ZipResult};
 use crate::unstable::LittleEndianReadExt;
 use std::io::Read;
@@ -20,6 +21,9 @@ impl ExtendedTimestamp {
     where
         R: Read,
     {
+        if len == 0 {
+            return Err(invalid!("Extended timestamp field is empty"));
+        }
         let mut flags = [0u8];
         let mut bytes_to_read = len as usize;
         reader.read_exact(&mut flags)?;
@@ -92,3 +96,16 @@ impl ExtendedTimestamp {
         self.cr_time
     }
 }
+
+#[test]
+/// Ensure we don't panic or read garbage data if the field body is empty
+pub fn test_bad_extended_timestamp() -> ZipResult<()> {
+    use crate::ZipArchive;
+    use std::io::Cursor;
+
+    assert!(ZipArchive::new(Cursor::new(include_bytes!(
+        "../../tests/data/extended_timestamp_bad.zip"
+    )))
+    .is_err());
+    Ok(())
+}