refactor: Use FixedSizeBlock trait to serialize AesExtraField (#640)

* Apply suggested fix to src/write.rs from Copilot Autofix

Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
Signed-off-by: Chris Hennick <4961925+Pr0methean@users.noreply.github.com>

* Apply suggested fix to src/write.rs from Copilot Autofix

Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
Signed-off-by: Chris Hennick <4961925+Pr0methean@users.noreply.github.com>

* Apply suggested fix to src/write.rs from Copilot Autofix

Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
Signed-off-by: Chris Hennick <4961925+Pr0methean@users.noreply.github.com>

* Apply suggested fix to src/write.rs from Copilot Autofix

Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
Signed-off-by: Chris Hennick <4961925+Pr0methean@users.noreply.github.com>

* Apply suggested fix to src/write.rs from Copilot Autofix

Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
Signed-off-by: Chris Hennick <4961925+Pr0methean@users.noreply.github.com>

* Update src/write.rs

Co-authored-by: amazon-q-developer[bot] <208079219+amazon-q-developer[bot]@users.noreply.github.com>
Signed-off-by: Chris Hennick <4961925+Pr0methean@users.noreply.github.com>

* Update AesMode reference in AesExtraField struct

Signed-off-by: Chris Hennick <4961925+Pr0methean@users.noreply.github.com>

* Refactor: use FixedSizeBlock trait to serialize AesExtraField

* cargo fmt --all

* [skip ci] fix: Add repr(packed, C) to AesExtraField to fix test failures

The failing tests `write::test::fuzz_crash_2024_07_19a` and 
`write::test::test_fuzz_failure_2024_05_08` were encountering 
"InvalidArchive("Invalid AES encryption strength")" errors because the 
`AesExtraField` struct was missing the `#[repr(packed, C)]` attribute.

Without this attribute, the struct had implicit padding between the 
`aes_mode` (u8) field and the `compression_method` (u16) field, causing 
the binary serialization to not match the expected ZIP AES extra field 
format. This led to incorrect byte offsets when reading the aes_mode 
value, resulting in invalid AES encryption strength values.

This fix ensures the struct is properly packed without padding, matching 
the binary format expected by the ZIP specification.

* Fix: #[repr(packed, C)] applies to struct, not member

* Fix: needs to understand AesExtraField even without aes-crypto feature enabled

---------

Signed-off-by: Chris Hennick <4961925+Pr0methean@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
Co-authored-by: amazon-q-developer[bot] <208079219+amazon-q-developer[bot]@users.noreply.github.com>

Author: 3 people

src/spec.rs

@@ -225,9 +225,10 @@ pub(crate) unsafe trait Pod: Copy + 'static {
 }
 
 pub(crate) trait FixedSizeBlock: Pod {
-    const MAGIC: Magic;
+    type Magic: Copy + Eq;
+    const MAGIC: Self::Magic;
 
-    fn magic(self) -> Magic;
+    fn magic(self) -> Self::Magic;
 
     const WRONG_MAGIC_ERROR: ZipError;
 
@@ -252,7 +253,7 @@ pub(crate) trait FixedSizeBlock: Pod {
 
     fn to_le(self) -> Self;
 
-    fn write<T: Write>(self, writer: &mut T) -> ZipResult<()> {
+    fn write<T: Write + ?Sized>(self, writer: &mut T) -> ZipResult<()> {
         let block = self.to_le();
         writer.write_all(block.as_bytes())?;
         Ok(())
@@ -290,6 +291,7 @@ macro_rules! to_le {
 /* TODO: derive macro to generate these fields? */
 /// Implement `from_le()` and `to_le()`, providing the field specification to both macros
 /// and methods.
+#[macro_export]
 macro_rules! to_and_from_le {
     ($($args:tt),+ $(,)?) => {
         #[inline(always)]
@@ -321,6 +323,7 @@ pub(crate) struct Zip32CDEBlock {
 unsafe impl Pod for Zip32CDEBlock {}
 
 impl FixedSizeBlock for Zip32CDEBlock {
+    type Magic = Magic;
     const MAGIC: Magic = Magic::CENTRAL_DIRECTORY_END_SIGNATURE;
 
     #[inline(always)]
@@ -440,6 +443,7 @@ pub(crate) struct Zip64CDELocatorBlock {
 unsafe impl Pod for Zip64CDELocatorBlock {}
 
 impl FixedSizeBlock for Zip64CDELocatorBlock {
+    type Magic = Magic;
     const MAGIC: Magic = Magic::ZIP64_CENTRAL_DIRECTORY_END_LOCATOR_SIGNATURE;
 
     #[inline(always)]
@@ -517,6 +521,7 @@ pub(crate) struct Zip64CDEBlock {
 unsafe impl Pod for Zip64CDEBlock {}
 
 impl FixedSizeBlock for Zip64CDEBlock {
+    type Magic = Magic;
     const MAGIC: Magic = Magic::ZIP64_CENTRAL_DIRECTORY_END_SIGNATURE;
 
     fn magic(self) -> Magic {
@@ -897,6 +902,7 @@ mod test {
     unsafe impl Pod for TestBlock {}
 
     impl FixedSizeBlock for TestBlock {
+        type Magic = Magic;
         const MAGIC: Magic = Magic::literal(0x01111);
 
         fn magic(self) -> Magic {

src/types.rs

@@ -2,7 +2,7 @@
 use crate::cfg_if_expr;
 use crate::cp437::FromCp437;
 use crate::result::{ZipError, ZipResult, invalid};
-use crate::spec::{self, FixedSizeBlock, Pod, ZipFlags};
+use crate::spec::{self, FixedSizeBlock, Magic, Pod, ZipFlags};
 use crate::write::FileOptionExtension;
 use crate::zipcrypto::EncryptWith;
 use core::fmt::{self, Debug, Formatter};
@@ -18,7 +18,7 @@ pub(crate) mod ffi {
     pub const S_IFLNK: u32 = 0o0120000;
 }
 
-use crate::extra_fields::ExtraField;
+use crate::extra_fields::{ExtraField, UsedExtraField};
 use crate::read::find_data_start;
 use crate::result::DateTimeRangeError;
 use crate::spec::is_dir;
@@ -1067,17 +1067,18 @@ pub(crate) struct ZipCentralEntryBlock {
 unsafe impl Pod for ZipCentralEntryBlock {}
 
 impl FixedSizeBlock for ZipCentralEntryBlock {
-    const MAGIC: spec::Magic = spec::Magic::CENTRAL_DIRECTORY_HEADER_SIGNATURE;
+    type Magic = Magic;
+    const MAGIC: Magic = Magic::CENTRAL_DIRECTORY_HEADER_SIGNATURE;
 
     #[inline(always)]
-    fn magic(self) -> spec::Magic {
+    fn magic(self) -> Magic {
         self.magic
     }
 
     const WRONG_MAGIC_ERROR: ZipError = invalid!("Invalid Central Directory header");
 
     to_and_from_le![
-        (magic, spec::Magic),
+        (magic, Magic),
         (version_made_by, u16),
         (version_to_extract, u16),
         (flags, u16),
@@ -1116,17 +1117,18 @@ pub(crate) struct ZipLocalEntryBlock {
 unsafe impl Pod for ZipLocalEntryBlock {}
 
 impl FixedSizeBlock for ZipLocalEntryBlock {
-    const MAGIC: spec::Magic = spec::Magic::LOCAL_FILE_HEADER_SIGNATURE;
+    type Magic = Magic;
+    const MAGIC: Magic = Magic::LOCAL_FILE_HEADER_SIGNATURE;
 
     #[inline(always)]
-    fn magic(self) -> spec::Magic {
+    fn magic(self) -> Magic {
         self.magic
     }
 
     const WRONG_MAGIC_ERROR: ZipError = invalid!("Invalid local file header");
 
     to_and_from_le![
-        (magic, spec::Magic),
+        (magic, Magic),
         (version_made_by, u16),
         (flags, u16),
         (compression_method, u16),
@@ -1239,17 +1241,18 @@ pub(crate) struct ZipDataDescriptorBlock {
 unsafe impl Pod for ZipDataDescriptorBlock {}
 
 impl FixedSizeBlock for ZipDataDescriptorBlock {
-    const MAGIC: spec::Magic = spec::Magic::DATA_DESCRIPTOR_SIGNATURE;
+    type Magic = Magic;
+    const MAGIC: Magic = Magic::DATA_DESCRIPTOR_SIGNATURE;
 
     #[inline(always)]
-    fn magic(self) -> spec::Magic {
+    fn magic(self) -> Magic {
         self.magic
     }
 
     const WRONG_MAGIC_ERROR: ZipError = invalid!("Invalid data descriptor header");
 
     to_and_from_le![
-        (magic, spec::Magic),
+        (magic, Magic),
         (crc32, u32),
         (compressed_size, u32),
         (uncompressed_size, u32),
@@ -1268,6 +1271,7 @@ pub(crate) struct Zip64DataDescriptorBlock {
 unsafe impl Pod for Zip64DataDescriptorBlock {}
 
 impl FixedSizeBlock for Zip64DataDescriptorBlock {
+    type Magic = Magic;
     const MAGIC: spec::Magic = spec::Magic::DATA_DESCRIPTOR_SIGNATURE;
 
     #[inline(always)]
@@ -1328,6 +1332,56 @@ impl AesMode {
     }
 }
 
+#[derive(Copy, Clone)]
+#[repr(packed, C)]
+pub(crate) struct AesExtraField {
+    header_id: u16,
+    data_size: u16,
+    version: u16,
+    vendor_id: u16,
+    aes_mode: u8,
+    compression_method: u16,
+}
+
+unsafe impl Pod for AesExtraField {}
+
+impl FixedSizeBlock for AesExtraField {
+    type Magic = u16;
+    const MAGIC: Self::Magic = UsedExtraField::AeXEncryption as u16;
+
+    fn magic(self) -> Self::Magic {
+        Self::MAGIC
+    }
+
+    const WRONG_MAGIC_ERROR: ZipError = invalid!("Wrong AES header ID");
+
+    to_and_from_le![
+        (header_id, u16),
+        (data_size, u16),
+        (version, u16),
+        (vendor_id, u16),
+        (aes_mode, u8),
+        (compression_method, u16)
+    ];
+}
+
+impl AesExtraField {
+    pub(crate) fn new(
+        version: AesVendorVersion,
+        aes_mode: AesMode,
+        compression_method: CompressionMethod,
+    ) -> Self {
+        Self {
+            header_id: UsedExtraField::AeXEncryption as u16,
+            data_size: 7,
+            version: version as u16,
+            vendor_id: u16::from_le_bytes(*b"AE"),
+            aes_mode: aes_mode as u8,
+            compression_method: compression_method.serialize_to_u16(),
+        }
+    }
+}
+
 #[cfg(test)]
 mod test {
     #[test]

src/write.rs

@@ -7,8 +7,8 @@ use crate::result::{ZipError, ZipResult, invalid};
 use crate::spec::{self, FixedSizeBlock, Zip32CDEBlock};
 use crate::types::ffi::S_IFLNK;
 use crate::types::{
-    AesVendorVersion, DateTime, MIN_VERSION, Zip64ExtraFieldBlock, ZipFileData, ZipLocalEntryBlock,
-    ZipRawValues, ffi,
+    AesExtraField, AesVendorVersion, DateTime, MIN_VERSION, Zip64ExtraFieldBlock, ZipFileData,
+    ZipLocalEntryBlock, ZipRawValues, ffi,
 };
 use core::default::Default;
 use core::fmt::{Debug, Formatter};
@@ -253,6 +253,28 @@ pub struct ExtendedFileOptions {
 
 impl ExtendedFileOptions {
     /// Adds an extra data field, unless we detect that it's invalid.
+    ///
+    /// # Parameters
+    ///
+    /// * `header_id` – The 2‑byte identifier of the ZIP extra field to add.
+    ///   This value determines the type/format of `data` and should either be
+    ///   one of the standard ZIP extra field IDs defined by the ZIP
+    ///   specification or an application‑specific (vendor) ID.
+    /// * `data` – The raw payload for the extra field, without the leading
+    ///   header ID or length; those are derived from `header_id` and
+    ///   `data.len()` and written automatically.
+    /// * `central_only` – Controls where the extra field is stored:
+    ///   * When `true`, the field is appended only to the central directory
+    ///     extra data (`central_extra_data`), and the corresponding local file
+    ///     header is left unchanged.
+    ///   * When `false`, the field is appended to the local file header extra
+    ///     data (`extra_data`) and may also be reflected in the central
+    ///     directory, depending on how the ZIP is written.
+    ///
+    /// The combined size of all extra data (local + central) must not exceed
+    /// `u16::MAX`. If adding this field would exceed that limit or produce an
+    /// invalid extra data structure, an error is returned and no data is
+    /// added.
     pub fn add_extra_data<D: AsRef<[u8]>>(
         &mut self,
         header_id: u16,
@@ -276,6 +298,17 @@ impl ExtendedFileOptions {
         }
     }
 
+    /// Appends an extra data field to the given buffer without enforcing global size limits.
+    ///
+    /// Unlike [`ExtendedFileOptions::add_extra_data`], this function:
+    /// - Does **not** check that the combined size of local and central extra data fits into
+    ///   `u16::MAX` bytes as required by the ZIP format.
+    /// - Does **not** re-validate the entire extra-data block after appending.
+    ///
+    /// Callers must ensure that:
+    /// - Using this function will not cause the overall extra-data length to exceed `u16::MAX`.
+    /// - The resulting buffer remains a well-formed sequence of extra fields (or is validated
+    ///   later with [`Self::validate_extra_data`]).
     pub(crate) fn add_extra_data_unchecked(
         vec: &mut Vec<u8>,
         header_id: u16,
@@ -939,6 +972,21 @@ impl<W: Write + Seek> ZipWriter<W> {
     ///
     /// # Safety
     ///
+    /// This function assumes that `length` and `crc32` accurately describe the data that has
+    /// been (or will be) written for the currently open file entry.
+    ///
+    /// The caller must ensure that:
+    /// - A file entry is currently being written (that is, [`start_file`] or equivalent has
+    ///   been called successfully and `abort_file` has not been called since).
+    /// - `length` is the exact uncompressed size, in bytes, of the file data written to the
+    ///   underlying [`Write`] implementation for this entry.
+    /// - `crc32` is the correct CRC-32 checksum for that same data, in the format expected by
+    ///   the ZIP specification.
+    ///
+    /// If these requirements are not met, the generated ZIP archive may contain inconsistent
+    /// or corrupt metadata, which can cause readers to report errors, skip data, or accept
+    /// data whose integrity cannot be verified.
+    ///
     /// This overwrites the internal crc32 calculation. It should only be used in case
     /// the underlying [Write] is written independently and you need to adjust the zip metadata.
     pub unsafe fn set_file_metadata(&mut self, length: u64, crc32: u32) -> ZipResult<()> {
@@ -1302,8 +1350,6 @@ impl<W: Write + Seek> ZipWriter<W> {
         Ok(())
     }
 
-    /* TODO: link to/use Self::finish_into_readable() from https://github.com/zip-rs/zip/pull/400 in
-     * this docstring. */
     /// Copy over the entire contents of another archive verbatim.
     ///
     /// This method extracts file metadata from the `source` archive, then simply performs a single
@@ -2166,22 +2212,11 @@ fn update_aes_extra_data<W: Write + Seek>(
         extra_data_start + file.aes_extra_data_start,
     ))?;
 
-    let mut buf = Vec::new();
-
-    /* TODO: implement this using the Block trait! */
-    // Extra field header ID.
-    buf.write_u16_le(UsedExtraField::AeXEncryption as u16)?;
-    // Data size.
-    buf.write_u16_le(7)?;
-    // Integer version number.
-    buf.write_u16_le(*version as u16)?;
-    // Vendor ID.
-    buf.write_all(b"AE")?;
-    // AES encryption strength.
-    buf.write_all(&[*aes_mode as u8])?;
-    // Real compression method.
-    buf.write_u16_le(compression_method.serialize_to_u16())?;
+    let mut buf = [0u8; size_of::<AesExtraField>()];
+
+    let aes_extra_field = AesExtraField::new(*version, *aes_mode, *compression_method);
 
+    aes_extra_field.write(&mut buf.as_mut())?;
     writer.write_all(&buf)?;
 
     let aes_extra_data_start = file.aes_extra_data_start as usize;
@@ -2191,7 +2226,8 @@ fn update_aes_extra_data<W: Write + Seek>(
         ));
     };
     let extra_field = Arc::make_mut(extra_field);
-    extra_field[aes_extra_data_start..aes_extra_data_start + buf.len()].copy_from_slice(&buf);
+    extra_field[aes_extra_data_start..aes_extra_data_start + size_of::<AesExtraField>()]
+        .copy_from_slice(&buf);
 
     Ok(())
 }