[Python-checkins] cpython (3.3): #19839: Fix lzma module's handling of non-lzma data at EOF.

nadeem.vawda python-checkins at python.org
Wed Dec 4 23:30:15 CET 2013 

http://hg.python.org/cpython/rev/bec2033ee2ec
changeset:   87770:bec2033ee2ec
branch:      3.3
user:        Nadeem Vawda <nadeem.vawda at gmail.com>
date:        Wed Dec 04 23:03:49 2013 +0100
summary:
  #19839: Fix lzma module's handling of non-lzma data at EOF.

files:
  Lib/lzma.py           |  28 +++++++++++++++++++++-------
  Lib/test/test_lzma.py |  26 ++++++++++++++++++++++++++
  Misc/NEWS             |   2 +-
  3 files changed, 48 insertions(+), 8 deletions(-)


diff --git a/Lib/lzma.py b/Lib/lzma.py
--- a/Lib/lzma.py
+++ b/Lib/lzma.py
@@ -224,11 +224,18 @@
                     raise EOFError("Compressed file ended before the "
                                    "end-of-stream marker was reached")
 
-            # Continue to next stream.
             if self._decompressor.eof:
+                # Continue to next stream.
                 self._decompressor = LZMADecompressor(**self._init_args)
-
-            self._buffer = self._decompressor.decompress(rawblock)
+                try:
+                    self._buffer = self._decompressor.decompress(rawblock)
+                except LZMAError:
+                    # Trailing data isn't a valid compressed stream; ignore it.
+                    self._mode = _MODE_READ_EOF
+                    self._size = self._pos
+                    return False
+            else:
+                self._buffer = self._decompressor.decompress(rawblock)
 
     # Read data until EOF.
     # If return_data is false, consume the data without returning it.
@@ -444,11 +451,18 @@
     results = []
     while True:
         decomp = LZMADecompressor(format, memlimit, filters)
-        results.append(decomp.decompress(data))
+        try:
+            res = decomp.decompress(data)
+        except LZMAError:
+            if results:
+                break  # Leftover data is not a valid LZMA/XZ stream; ignore it.
+            else:
+                raise  # Error on the first iteration; bail out.
+        results.append(res)
         if not decomp.eof:
             raise LZMAError("Compressed data ended before the "
                             "end-of-stream marker was reached")
-        if not decomp.unused_data:
-            return b"".join(results)
-        # There is unused data left over. Proceed to next stream.
         data = decomp.unused_data
+        if not data:
+            break
+    return b"".join(results)
diff --git a/Lib/test/test_lzma.py b/Lib/test/test_lzma.py
--- a/Lib/test/test_lzma.py
+++ b/Lib/test/test_lzma.py
@@ -314,6 +314,8 @@
 
     def test_decompress_bad_input(self):
         with self.assertRaises(LZMAError):
+            lzma.decompress(COMPRESSED_BOGUS)
+        with self.assertRaises(LZMAError):
             lzma.decompress(COMPRESSED_RAW_1)
         with self.assertRaises(LZMAError):
             lzma.decompress(COMPRESSED_ALONE, format=lzma.FORMAT_XZ)
@@ -348,6 +350,16 @@
         ddata = lzma.decompress(COMPRESSED_XZ + COMPRESSED_ALONE)
         self.assertEqual(ddata, INPUT * 2)
 
+    # Test robust handling of non-LZMA data following the compressed stream(s).
+
+    def test_decompress_trailing_junk(self):
+        ddata = lzma.decompress(COMPRESSED_XZ + COMPRESSED_BOGUS)
+        self.assertEqual(ddata, INPUT)
+
+    def test_decompress_multistream_trailing_junk(self):
+        ddata = lzma.decompress(COMPRESSED_XZ * 3 + COMPRESSED_BOGUS)
+        self.assertEqual(ddata, INPUT * 3)
+
 
 class TempFile:
     """Context manager - creates a file, and deletes it on __exit__."""
@@ -658,6 +670,14 @@
         finally:
             lzma._BUFFER_SIZE = saved_buffer_size
 
+    def test_read_trailing_junk(self):
+        with LZMAFile(BytesIO(COMPRESSED_XZ + COMPRESSED_BOGUS)) as f:
+            self.assertEqual(f.read(), INPUT)
+
+    def test_read_multistream_trailing_junk(self):
+        with LZMAFile(BytesIO(COMPRESSED_XZ * 5 + COMPRESSED_BOGUS)) as f:
+            self.assertEqual(f.read(), INPUT * 5)
+
     def test_read_from_file(self):
         with TempFile(TESTFN, COMPRESSED_XZ):
             with LZMAFile(TESTFN) as f:
@@ -687,6 +707,10 @@
         with LZMAFile(BytesIO(COMPRESSED_XZ)) as f:
             self.assertRaises(TypeError, f.read, None)
 
+    def test_read_bad_data(self):
+        with LZMAFile(BytesIO(COMPRESSED_BOGUS)) as f:
+            self.assertRaises(LZMAError, f.read)
+
     def test_read1(self):
         with LZMAFile(BytesIO(COMPRESSED_XZ)) as f:
             blocks = []
@@ -1192,6 +1216,8 @@
        Farewell.
 """
 
+COMPRESSED_BOGUS = b"this is not a valid lzma stream"
+
 COMPRESSED_XZ = (
     b"\xfd7zXZ\x00\x00\x04\xe6\xd6\xb4F\x02\x00!\x01\x16\x00\x00\x00t/\xe5\xa3"
     b"\xe0\x07\x80\x03\xdf]\x00\x05\x14\x07bX\x19\xcd\xddn\x98\x15\xe4\xb4\x9d"
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -19,7 +19,7 @@
 -------
 
 - Issue #19839: Fix regression in bz2 module's handling of non-bzip2 data at
-  EOF.
+  EOF, and analogous bug in lzma module.
 
 - Issue #19138: doctest's IGNORE_EXCEPTION_DETAIL now allows a match when
   no exception detail exists (no colon following the exception's name, or

-- 
Repository URL: http://hg.python.org/cpython

More information about the Python-checkins mailing list