[Python-checkins] cpython (3.3): Issue #20078: Reading malformed zipfiles no longer hangs with 100% CPU

serhiy.storchaka python-checkins at python.org
Thu Jan 9 13:54:25 CET 2014 

http://hg.python.org/cpython/rev/0cf1defd5ac4
changeset:   88363:0cf1defd5ac4
branch:      3.3
parent:      88360:04dabdbd512c
user:        Serhiy Storchaka <storchaka at gmail.com>
date:        Thu Jan 09 14:50:20 2014 +0200
summary:
  Issue #20078: Reading malformed zipfiles no longer hangs with 100% CPU
consumption.

files:
  Lib/test/test_zipfile.py |  31 ++++++++++++++++++++++++++++
  Lib/zipfile.py           |   2 +
  Misc/NEWS                |   3 ++
  3 files changed, 36 insertions(+), 0 deletions(-)


diff --git a/Lib/test/test_zipfile.py b/Lib/test/test_zipfile.py
--- a/Lib/test/test_zipfile.py
+++ b/Lib/test/test_zipfile.py
@@ -293,6 +293,36 @@
                     buf = fp.read(test_size)
                     self.assertEqual(len(buf), test_size)
 
+    def test_truncated_zipfile(self):
+        fp = io.BytesIO()
+        with zipfile.ZipFile(fp, mode='w') as zipf:
+            zipf.writestr('strfile', self.data, compress_type=self.compression)
+            end_offset = fp.tell()
+        zipfiledata = fp.getvalue()
+
+        fp = io.BytesIO(zipfiledata)
+        with zipfile.ZipFile(fp) as zipf:
+            with zipf.open('strfile') as zipopen:
+                fp.truncate(end_offset - 20)
+                with self.assertRaises(EOFError):
+                    zipopen.read()
+
+        fp = io.BytesIO(zipfiledata)
+        with zipfile.ZipFile(fp) as zipf:
+            with zipf.open('strfile') as zipopen:
+                fp.truncate(end_offset - 20)
+                with self.assertRaises(EOFError):
+                    while zipopen.read(100):
+                        pass
+
+        fp = io.BytesIO(zipfiledata)
+        with zipfile.ZipFile(fp) as zipf:
+            with zipf.open('strfile') as zipopen:
+                fp.truncate(end_offset - 20)
+                with self.assertRaises(EOFError):
+                    while zipopen.read1(100):
+                        pass
+
     def tearDown(self):
         unlink(TESTFN)
         unlink(TESTFN2)
@@ -389,6 +419,7 @@
         with zipfile.ZipFile(TESTFN2, "w") as zipfp:
             self.assertRaises(ValueError, zipfp.write, TESTFN)
 
+
 @requires_zlib
 class DeflateTestsWithSourceFile(AbstractTestsWithSourceFile,
                                  unittest.TestCase):
diff --git a/Lib/zipfile.py b/Lib/zipfile.py
--- a/Lib/zipfile.py
+++ b/Lib/zipfile.py
@@ -860,6 +860,8 @@
 
         data = self._fileobj.read(n)
         self._compress_left -= len(data)
+        if not data:
+            raise EOFError
 
         if self._decrypter is not None:
             data = bytes(map(self._decrypter, data))
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -36,6 +36,9 @@
 Library
 -------
 
+- Issue #20078: Reading malformed zipfiles no longer hangs with 100% CPU
+  consumption.
+
 - Issue #20113: os.readv() and os.writev() now raise an OSError exception on
   error instead of returning -1.
 

-- 
Repository URL: http://hg.python.org/cpython

More information about the Python-checkins mailing list