[ python-Bugs-1083110 ] truncated gzip file triggers zlibmodule segfault

SourceForge.net noreply at sourceforge.net
Fri Dec 10 19:54:12 CET 2004


Bugs item #1083110, was opened at 2004-12-10 10:54
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1083110&group_id=5470

Category: Extension Modules
Group: Python 2.4
Status: Open
Resolution: None
Priority: 5
Submitted By: Sam Rushing (rushing)
Assigned to: Nobody/Anonymous (nobody)
Summary: truncated gzip file triggers zlibmodule segfault

Initial Comment:
If gzip.py reads a mangled/truncated file and leaves
the file pointer at EOF, the zlibmodule will crash when
it calls 'flush' (PyZlib_unflush()).  I've traced through
zlib a bit, and I think the problem is that the 'avail_in'
slot of the decompression struct is left uninitialized.

The problem can be made to go away by setting that
slot to zero in either PyZlib_decompressobj(), or in
PyZlib_unflush() itself.  However, I'm not familiar enough
with the code to know if there's some other reason
the slot contains garbage.

Reproduction:
>>> open ('x.gz', 'wb').write('\x1f\x8b\x08\x08b\xee\xb9A\x00\x03x\x00')
>>> import gzip
>>> gzip.GzipFile ('x.gz', 'rb').read()
Segmentation fault (core dumped)

[the above data is simply a small gzip file truncated
after the zero-terminated filename]


----------------------------------------------------------------------
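
Added example (not part of the original report and not CPython's own code): it parses the 12 reproduction bytes as an RFC 1952 header to show that the file ends exactly after the zero-terminated filename, so the decompressor receives no input at all. It then reads the same bytes with whatever gzip module the running Python 3 interpreter ships. The helper names parse_gzip_header, read_outcome and flush_without_input are hypothetical, and the sample is the report's string rewritten as a bytes literal.

```python
import gzip
import io
import struct
import zlib

# The 12 bytes from the report's reproduction, written as a Python 3 bytes literal.
SAMPLE = b'\x1f\x8b\x08\x08b\xee\xb9A\x00\x03x\x00'

FHCRC, FEXTRA, FNAME, FCOMMENT = 0x02, 0x04, 0x08, 0x10  # RFC 1952 flag bits


def parse_gzip_header(data):
    """Parse one RFC 1952 member header (hypothetical helper, not gzip.py code)."""
    if len(data) < 10:
        raise ValueError("shorter than the fixed 10-byte header")
    magic, method, flags, mtime, _xfl, _os = struct.unpack_from("<HBBIBB", data)
    if magic != 0x8B1F or method != 8:
        raise ValueError("not a deflate gzip member")
    pos = 10
    if flags & FEXTRA:
        if len(data) < pos + 2:
            raise ValueError("truncated in extra field")
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    name = None
    for flag in (FNAME, FCOMMENT):  # both are zero-terminated strings
        if flags & flag:
            end = data.find(b"\x00", pos)
            if end < 0:
                raise ValueError("truncated in string field")
            name = data[pos:end] if flag == FNAME else name
            pos = end + 1
    pos += 2 if flags & FHCRC else 0
    if pos > len(data):
        raise ValueError("truncated header")
    return {"name": name, "mtime": mtime, "header_len": pos,
            "payload_len": len(data) - pos}


def read_outcome(data):
    """Read with the running interpreter's gzip module and report how it ends."""
    try:
        return ("ok", gzip.GzipFile(fileobj=io.BytesIO(data)).read())
    except (EOFError, OSError, zlib.error) as exc:
        return (type(exc).__name__, str(exc))


def flush_without_input():
    """Flush a raw-deflate decompressor that was never fed any input."""
    return zlib.decompressobj(-zlib.MAX_WBITS).flush()
```

A payload_len of 0 confirms the header is complete and nothing follows it. On a current Python 3 the read ends in EOFError and the input-less flush returns an empty result.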
