[New-bugs-announce] [issue39017] Infinite loop in the tarfile module

jvoisin report at bugs.python.org
Tue Dec 10 11:19:56 EST 2019

New submission from jvoisin <jvoisin at google.com>:

While playing with fuzzing and Python, I stumbled upon an infinite loop in Python's tarfile module: just open the attached file with `tarfile.open('timeout-a52710a313fdb35fb428c3399277cb640fe2f686')`, and Python will be endlessly stuck in the `_proc_pax` function in tarfile.py, likely due to a missing check of `length` being strictly superior to zero.

files: timeout-a52710a313fdb35fb428c3399277cb640fe2f686
messages: 358200
nosy: ethan.furman, jvoisin
priority: normal
severity: normal
status: open
title: Infinite loop in the tarfile module
type: security
versions: Python 3.7
Added file: https://bugs.python.org/file48768/timeout-a52710a313fdb35fb428c3399277cb640fe2f686

Python tracker <report at bugs.python.org>
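
An added example, not part of the original report and not CPython's own code: a simplified parser for pax extended-header records (`<length> <keyword>=<value>\n`) that validates each declared length, so a zero length is rejected instead of leaving the read position unchanged. The names `parse_pax_records` and `PaxHeaderError` and the sample buffers are assumptions constructed for illustration.

```python
import re

# Constructed sample pax payloads (not taken from the attached file).
GOOD = b"30 mtime=1350244992.023960108\n18 path=dir/a.txt\n"
ZERO = b"0 path=x\n"

_RECORD = re.compile(rb"(\d+) ([^=]+)=")


class PaxHeaderError(ValueError):
    """Raised for a record whose declared length cannot be valid."""


def parse_pax_records(buf):
    """Parse pax records from `buf`, validating every declared length."""
    records = {}
    pos = 0
    while pos < len(buf):
        match = _RECORD.match(buf, pos)
        if not match:
            raise PaxHeaderError(f"malformed record at offset {pos}")
        length = int(match.group(1))
        end = pos + length
        # The length covers the whole record, so it must reach past the '='
        # and the trailing newline. Zero (or any too-small value) would leave
        # `pos` unchanged or inside the record, which is the loop in the report.
        if end <= match.end() or end > len(buf):
            raise PaxHeaderError(f"bad record length {length} at offset {pos}")
        if buf[end - 1:end] != b"\n":
            raise PaxHeaderError(f"record at offset {pos} lacks a newline")
        keyword = match.group(2).decode("utf-8")
        records[keyword] = buf[match.end():end - 1].decode("utf-8", "replace")
        pos = end  # strictly greater than the previous pos, so the loop ends
    return records
```

Because `pos` only ever moves forward by a validated, positive length, the loop is bounded by the size of the buffer.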
