Stream WriteTo directly to writer and fix ZIP64 local file header sizes

AdamDrewsTR · AdamDrewsTR · commit 4ba4e88ddffc · 2026-05-12T15:39:46.000-05:00
WriteTo streaming:
- Stream ZIP archive directly to the destination writer instead of buffering
  the entire compressed output in a bytes.Buffer. For large workbooks this
  avoids 50-200 MB+ of peak memory allocation.
- For encrypted files, use a temporary file instead of an in-memory buffer
  to reduce peak memory during the encrypt-then-write cycle.
- Add countWriter to track bytes written for the int64 return value.
- Use CopyTo instead of Reader+io.Copy in writeToZip for streaming
  worksheets, reducing syscalls via larger read buffers.

ZIP64 local file header fix:
- Set compressed and uncompressed size fields in the Local File Header to
  0xFFFFFFFF for ZIP64 entries. The Go standard library only patches the
  Central Directory version to 45 for entries &gt;4GB but leaves the LFH sizes
  at their original values. Excel strictly validates that ZIP64 LFH entries
  have sizes set to 0xFFFFFFFF with the actual sizes in the ZIP64 extended
  information extra field. Without this fix, workbooks containing sheets
  larger than 4GB a  larger than 4GB a  larger than 4GB a  larger than 4GB a  larger than 4GB s is non-empty, avoiding
  unnecessary scanning of the output buffer for most  unnecessary scanning of the output buffbased fixup (used by encryption path).
diff --git a/file.go b/file.go
@@ -113,7 +113,10 @@ func (f *File) Write(w io.Writer, opts ...Options) error {
 	return err
 }
 
-// WriteTo implements io.WriterTo to write the file.
+// WriteTo implements io.WriterTo to write the file. When no password
+// encryption is required, the ZIP archive is streamed directly to w without
+// buffering the entire compressed output in memory. When password encryption
+// is required, a temporary file is used to reduce memory usage.
 func (f *File) WriteTo(w io.Writer, opts ...Options) (int64, error) {
 	for i := range opts {
 		f.options = &opts[i]
@@ -127,17 +130,91 @@ func (f *File) WriteTo(w io.Writer, opts ...Options) (int64, error) {
 			return 0, err
 		}
 	}
-	buf, err := f.WriteToBuffer()
+	// Password encryption requires post-processing the entire output.
+	// Use a temporary file to reduce peak memory usage.
+	if f.options != nil && f.options.Password != "" {
+		return f.writeToWithEncryption(w)
+	}
+	// Stream the ZIP directly to w. This avoids holding the full compressed
+	// archive in a bytes.Buffer, which can be 50-200 MB+ for large reports.
+	cw := &countWriter{w: w}
+	f.zip64Entries = nil
+	zw := f.ZipWriter(cw)
+	if err := f.writeToZip(zw); err != nil {
+		_ = zw.Close()
+		return cw.n, err
+	}
+	return cw.n, zw.Close()
+}
+
+// writeToWithEncryption writes an encrypted file using a temporary file to
+// reduce memory usage.
+func (f *File) writeToWithEncryption(w io.Writer) (int64, error) {
+	var tmpDir string
+	if f.options != nil {
+		tmpDir = f.options.TmpDir
+	}
+	tmpFile, err := os.CreateTemp(tmpDir, "excelize-encrypt-*.zip")
+	if err != nil {
+		return 0, err
+	}
+	tmpPath := tmpFile.Name()
+	defer func() {
+		_ = tmpFile.Close()
+		_ = os.Remove(tmpPath)
+	}()
+
+	f.zip64Entries = nil
+	zw := f.ZipWriter(tmpFile)
+	if err := f.writeToZip(zw); err != nil {
+		_ = zw.Close()
+		return 0, err
+	}
+	if err := zw.Close(); err != nil {
+		return 0, err
+	}
+
+	if len(f.zip64Entries) > 0 {
+		if err := f.writeZip64LFHFile(tmpFile); err != nil {
+			return 0, err
+		}
+	}
+
+	if _, err := tmpFile.Seek(0, 0); err != nil {
+		return 0, err
+	}
+	rawZip, err := io.ReadAll(tmpFile)
+	if err != nil {
+		return 0, err
+	}
+
+	encrypted, err := Encrypt(rawZip, f.options)
 	if err != nil {
 		return 0, err
 	}
-	return buf.WriteTo(w)
+	n, err := w.Write(encrypted)
+	return int64(n), err
+}
+
+// countWriter wraps an io.Writer and counts bytes written.
+type countWriter struct {
+	w io.Writer
+	n int64
+}
+
+func (cw *countWriter) Write(p []byte) (int, error) {
+	n, err := cw.w.Write(p)
+	cw.n += int64(n)
+	return n, err
 }
 
 // WriteToBuffer provides a function to get bytes.Buffer from the saved file,
 // and it allocates space in memory. Be careful when the file size is large.
+// Consider using WriteTo with a file for large password-protected files to
+// reduce memory usage.
 func (f *File) WriteToBuffer() (*bytes.Buffer, error) {
 	buf := new(bytes.Buffer)
+	f.zip64Entries = nil
 	zw := f.ZipWriter(buf)
 
 	if err := f.writeToZip(zw); err != nil {
@@ -147,7 +224,11 @@ func (f *File) WriteToBuffer() (*bytes.Buffer, error) {
 	if err := zw.Close(); err != nil {
 		return buf, err
 	}
-	err := f.writeZip64LFH(buf)
+	// Only perform ZIP64 fixup if we actually have ZIP64 entries
+	var err error
+	if len(f.zip64Entries) > 0 {
+		err = f.writeZip64LFH(buf)
+	}
 	if f.options != nil && f.options.Password != "" {
 		b, err := Encrypt(buf.Bytes(), f.options)
 		if err != nil {
@@ -180,13 +261,9 @@ func (f *File) writeToZip(zw ZipWriter) error {
 		if err != nil {
 			return err
 		}
-		var from io.Reader
-		if from, err = stream.rawData.Reader(); err != nil {
-			_ = stream.rawData.Close()
-			return err
-		}
-		written, err := io.Copy(fi, from)
+		written, err := stream.rawData.CopyTo(fi)
 		if err != nil {
+			_ = stream.rawData.Close()
 			return err
 		}
 		if written > math.MaxUint32 {
@@ -267,8 +344,91 @@ func (f *File) writeZip64LFH(buf *bytes.Buffer) error {
 		}
 		if inStrSlice(f.zip64Entries, string(data[idx+30:idx+30+filenameLen]), true) != -1 {
 			binary.LittleEndian.PutUint16(data[idx+4:idx+6], 45)
+			// Set compressed and uncompressed sizes to 0xFFFFFFFF to indicate
+			// that the actual sizes are in the ZIP64 extended information field.
+			// Without this, readers see size=0 or a truncated 32-bit value
+			// which causes corruption errors.
+			binary.LittleEndian.PutUint32(data[idx+18:idx+22], 0xFFFFFFFF)
+			binary.LittleEndian.PutUint32(data[idx+22:idx+26], 0xFFFFFFFF)
 		}
 		offset = idx + 1
 	}
 	return nil
 }
+
+// writeZip64LFHFile performs ZIP64 local file header fixup on a file.
+// This is used when encrypting to avoid loading the entire file into memory.
+func (f *File) writeZip64LFHFile(file *os.File) error {
+	if len(f.zip64Entries) == 0 {
+		return nil
+	}
+	if _, err := file.Seek(0, 0); err != nil {
+		return err
+	}
+	info, err := file.Stat()
+	if err != nil {
+		return err
+	}
+	fileSize := info.Size()
+
+	const chunkSize = 1024 * 1024 // 1MB chunks
+	buf := make([]byte, chunkSize)
+	var offset int64
+
+	for offset < fileSize {
+		n, err := file.ReadAt(buf, offset)
+		if err != nil && err != io.EOF {
+			return err
+		}
+		if n == 0 {
+			break
+		}
+
+		searchBuf := buf[:n]
+		searchOffset := 0
+		for searchOffset < n {
+			idx := bytes.Index(searchBuf[searchOffset:], []byte{0x50, 0x4b, 0x03, 0x04})
+			if idx == -1 {
+				break
+			}
+			idx += searchOffset
+			absoluteIdx := offset + int64(idx)
+
+			if idx+30 > n {
+				break
+			}
+
+			filenameLen := int(binary.LittleEndian.Uint16(searchBuf[idx+26 : idx+28]))
+			if idx+30+filenameLen > n {
+				break
+			}
+
+			filename := string(searchBuf[idx+30 : idx+30+filenameLen])
+			if inStrSlice(f.zip64Entries, filename, true) != -1 {
+				// Update version
+				versionBuf := make([]byte, 2)
+				binary.LittleEndian.PutUint16(versionBuf, 45)
+				if _, err := file.WriteAt(versionBuf, absoluteIdx+4); err != nil {
+					return err
+				}
+				// Set compressed and uncompressed sizes to 0xFFFFFFFF
+				sizeBuf := make([]byte, 4)
+				binary.LittleEndian.PutUint32(sizeBuf, 0xFFFFFFFF)
+				if _, err := file.WriteAt(sizeBuf, absoluteIdx+18); err != nil {
+					return err
+				}
+				if _, err := file.WriteAt(sizeBuf, absoluteIdx+22); err != nil {
+					return err
+				}
+			}
+			searchOffset = idx + 1
+		}
+
+		offset += int64(n)
+		if offset < fileSize {
+			offset -= 30
+		}
+	}
+
+	return nil
+}
