[New-bugs-announce] [issue4844] ZipFile doesn't range check in _EndRecData()

Yngve AAdlandsvik report at bugs.python.org
Mon Jan 5 16:24:11 CET 2009

New submission from Yngve AAdlandsvik <ymgve at start.no>:

If you have a .zip file with an incomplete "End of Central Directory" 
record, _EndRecData() will throw a struct.error:

D:\c64workdir\Ultimate_Mag_Archive>e:ziptest.py "old - 
Handling A-z\0\64times01-double.zip
Traceback (most recent call last):
  File "E:\wwwroot\c64db\tools\ziptest.py", line 48, in <module>
    ok = handle_file(data, rel_filename)
  File "E:\wwwroot\c64db\tools\ziptest.py", line 19, in handle_file
    z = zipfile.ZipFile(cStringIO.StringIO(data), "r")
  File "C:\Python26\lib\zipfile.py", line 698, in __init__
  File "C:\Python26\lib\zipfile.py", line 718, in _GetContents
  File "C:\Python26\lib\zipfile.py", line 728, in _RealGetContents
    endrec = _EndRecData(fp)
  File "C:\Python26\lib\zipfile.py", line 219, in _EndRecData
    endrec = list(struct.unpack(structEndArchive, recData))
struct.error: unpack requires a string argument of length 22

The fix is to include a check to see if there is data enough for the 
whole record before attempting to unpack.

components: Library (Lib)
messages: 79155
nosy: ymgve
severity: normal
status: open
title: ZipFile doesn't range check in _EndRecData()
versions: Python 2.6

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list