In the first branch of the next block from bufferContainSignature
readTooMuch should probably add expectedDDLen rather than subtract it. It leaves the DD inside of the read stream for the last stored entry rather than positioning the stream in front of it. Unfortunately we don't seem to have a single unit test that would execute the branch.
Also the current implementation of bufferContainSignature will stop when a local file header is found even before enough data for a data descriptor has been read at all. In
COMPRESS-480 it will detect the very first local file header in the embedded XPI file at offset 0 even though there must be twelve bytes of data descriptor before the first candidate.