[New-bugs-announce] [issue31531] crash and SystemError in case of a bad zipimport._zip_directory_cache

Oren Milman report at bugs.python.org
Wed Sep 20 09:33:29 EDT 2017

New submission from Oren Milman:

The following code causes the interpreter to crash (in case 'foo.zip' exists):

import zipimport
zipimport._zip_directory_cache['foo.zip'] = None
importer = zipimport.zipimporter('foo.zip')

This is because zipimport_zipimporter___init___impl() (in Modules/zipimport.c)
looks for the zipfile in _zip_directory_cache, and in case it is found, stores
its item in the new ZipImporter. Later, check_is_directory() assumes the stored
item is a dictionary, and passes it to PyDict_Contains(), which crashes.

Similarly, the following code causes a 'SystemError: new style getargs format
but argument is not a tuple':

import zipimport
importer = zipimport.zipimporter('foo.zip')
zipimport._zip_directory_cache['foo.zip']['foo\\__init__.py'] = None

The same would happen if we replace the last line with
"importer.get_data('foo\\__init__.py')" or "importer.get_source('foo')".

This is because various parts of the code assume that the zipfile's item in
_zip_directory_cache is a dictionary, and that the module's item in this
dictionary is a tuple, which is eventually passed to get_data(), which passes
it to PyArg_ParseTuple(), which raises the SystemError.

Actually, I should have found this as part of #28261. ISTM that the fix for
this issue can easily also fix the issue described in #28261, by checking in
get_data() whether toc_entry is an 8-tuple.

Also, PyDict_GetItem() suppresses all errors, so in some places, e.g. in 
get_module_info(), a bad _zip_directory_cache would probably just be ignored.
But ISTM that we should raise an error saying 'invalid _zip_directory_cache'
in any place where _zip_directory_cache is accessed (in case it is invalid).

What do you think?

components: Extension Modules
messages: 302612
nosy: Oren Milman
priority: normal
severity: normal
status: open
title: crash and SystemError in case of a bad zipimport._zip_directory_cache
type: crash
versions: Python 3.7

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list