[Python-checkins] cpython (merge 3.2 -> 3.3): MERGE: Closes #15897: zipimport.c doesn't check return value of fseek()
jesus.cea
python-checkins at python.org
Wed Oct 3 03:04:09 CEST 2012
http://hg.python.org/cpython/rev/0f1637c4d673
changeset: 79422:0f1637c4d673
branch: 3.3
parent: 79415:fa3dcc8c9e52
parent: 79420:4da48083aaab
user: Jesus Cea <jcea at jcea.es>
date: Wed Oct 03 03:00:37 2012 +0200
summary:
MERGE: Closes #15897: zipimport.c doesn't check return value of fseek()
files:
Misc/ACKS | 1 +
Misc/NEWS | 3 ++
Modules/zipimport.c | 43 +++++++++++++++++++++++++++-----
3 files changed, 40 insertions(+), 7 deletions(-)
diff --git a/Misc/ACKS b/Misc/ACKS
--- a/Misc/ACKS
+++ b/Misc/ACKS
@@ -246,6 +246,7 @@
Jeremy Craven
Laura Creighton
Simon Cross
+Felipe Cruz
Drew Csillag
Joaquin Cuenca Abela
John Cugini
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -467,6 +467,9 @@
- Issue #15020: The program name used to search for Python's path is now
"python3" under Unix, not "python".
+- Issue #15897: zipimport.c doesn't check return value of fseek().
+ Patch by Felipe Cruz.
+
- Issue #15033: Fix the exit status bug when modules invoked using -m swith,
return the proper failure return value (1). Patch contributed by Jeff Knupp.
diff --git a/Modules/zipimport.c b/Modules/zipimport.c
--- a/Modules/zipimport.c
+++ b/Modules/zipimport.c
@@ -875,7 +875,12 @@
PyErr_Format(ZipImportError, "can't open Zip file: %R", archive);
return NULL;
}
- fseek(fp, -22, SEEK_END);
+
+ if (fseek(fp, -22, SEEK_END) == -1) {
+ fclose(fp);
+ PyErr_Format(ZipImportError, "can't read Zip file: %R", archive);
+ return NULL;
+ }
header_position = ftell(fp);
if (fread(endof_central_dir, 1, 22, fp) != 22) {
fclose(fp);
@@ -904,11 +909,13 @@
PyObject *t;
int err;
- fseek(fp, header_offset, 0); /* Start of file header */
+ if (fseek(fp, header_offset, 0) == -1) /* Start of file header */
+ goto fseek_error;
l = PyMarshal_ReadLongFromFile(fp);
if (l != 0x02014B50)
break; /* Bad: Central Dir File Header */
- fseek(fp, header_offset + 8, 0);
+ if (fseek(fp, header_offset + 8, 0) == -1)
+ goto fseek_error;
flags = (unsigned short)PyMarshal_ReadShortFromFile(fp);
compress = PyMarshal_ReadShortFromFile(fp);
time = PyMarshal_ReadShortFromFile(fp);
@@ -920,7 +927,8 @@
header_size = 46 + name_size +
PyMarshal_ReadShortFromFile(fp) +
PyMarshal_ReadShortFromFile(fp);
- fseek(fp, header_offset + 42, 0);
+ if (fseek(fp, header_offset + 42, 0) == -1)
+ goto fseek_error;
file_offset = PyMarshal_ReadLongFromFile(fp) + arc_offset;
if (name_size > MAXPATHLEN)
name_size = MAXPATHLEN;
@@ -980,6 +988,12 @@
PySys_FormatStderr("# zipimport: found %ld names in %R\n",
count, archive);
return files;
+fseek_error:
+ fclose(fp);
+ Py_XDECREF(files);
+ Py_XDECREF(nameobj);
+ PyErr_Format(ZipImportError, "can't read Zip file: %R", archive);
+ return NULL;
error:
fclose(fp);
Py_XDECREF(files);
@@ -1050,7 +1064,12 @@
}
/* Check to make sure the local file header is correct */
- fseek(fp, file_offset, 0);
+ if (fseek(fp, file_offset, 0) == -1) {
+ fclose(fp);
+ PyErr_Format(ZipImportError, "can't read Zip file: %R", archive);
+ return NULL;
+ }
+
l = PyMarshal_ReadLongFromFile(fp);
if (l != 0x04034B50) {
/* Bad: Local File Header */
@@ -1060,7 +1079,12 @@
fclose(fp);
return NULL;
}
- fseek(fp, file_offset + 26, 0);
+ if (fseek(fp, file_offset + 26, 0) == -1) {
+ fclose(fp);
+ PyErr_Format(ZipImportError, "can't read Zip file: %R", archive);
+ return NULL;
+ }
+
l = 30 + PyMarshal_ReadShortFromFile(fp) +
PyMarshal_ReadShortFromFile(fp); /* local header size */
file_offset += l; /* Start of file data */
@@ -1077,8 +1101,13 @@
buf = PyBytes_AsString(raw_data);
err = fseek(fp, file_offset, 0);
- if (err == 0)
+ if (err == 0) {
bytes_read = fread(buf, 1, data_size, fp);
+ } else {
+ fclose(fp);
+ PyErr_Format(ZipImportError, "can't read Zip file: %R", archive);
+ return NULL;
+ }
fclose(fp);
if (err || bytes_read != data_size) {
PyErr_SetString(PyExc_IOError,
--
Repository URL: http://hg.python.org/cpython
More information about the Python-checkins
mailing list