[Python-checkins] bpo-40105: ZipFile truncate in append mode with shorter comment (GH-19337)

Miss Islington (bot) webhook-mailer at python.org
Mon Sep 28 15:18:47 EDT 2020 

https://github.com/python/cpython/commit/e4008404fbc0002c49becc565d42e93eca11dd75
commit: e4008404fbc0002c49becc565d42e93eca11dd75
branch: 3.8
author: Miss Islington (bot) <31488909+miss-islington at users.noreply.github.com>
committer: GitHub <noreply at github.com>
date: 2020-09-28T12:18:39-07:00
summary:

bpo-40105: ZipFile truncate in append mode with shorter comment (GH-19337)

(cherry picked from commit ff9147d93b868f0e13b9fe14e2a76c2879f6787b)

Co-authored-by: Jan Mazur <16736821+mzr at users.noreply.github.com>

files:
A Misc/NEWS.d/next/Library/2020-04-03-16-13-59.bpo-40105.hfM2c0.rst
M Lib/test/test_zipfile.py
M Lib/zipfile.py

diff --git a/Lib/test/test_zipfile.py b/Lib/test/test_zipfile.py
index e2e37a1770418..31153445697fd 100644
--- a/Lib/test/test_zipfile.py
+++ b/Lib/test/test_zipfile.py
@@ -1844,11 +1844,14 @@ def test_comments(self):
             self.assertEqual(zipf.comment, b"an updated comment")
 
         # check that comments are correctly shortened in append mode
+        # and the file is indeed truncated
         with zipfile.ZipFile(TESTFN,mode="w") as zipf:
             zipf.comment = b"original comment that's longer"
             zipf.writestr("foo.txt", "O, for a Muse of Fire!")
+        original_zip_size = os.path.getsize(TESTFN)
         with zipfile.ZipFile(TESTFN,mode="a") as zipf:
             zipf.comment = b"shorter comment"
+        self.assertTrue(original_zip_size > os.path.getsize(TESTFN))
         with zipfile.ZipFile(TESTFN,mode="r") as zipf:
             self.assertEqual(zipf.comment, b"shorter comment")
 
diff --git a/Lib/zipfile.py b/Lib/zipfile.py
index 73e89666309ff..e95e2b2d452df 100644
--- a/Lib/zipfile.py
+++ b/Lib/zipfile.py
@@ -1942,6 +1942,8 @@ def _write_end_record(self):
                              centDirSize, centDirOffset, len(self._comment))
         self.fp.write(endrec)
         self.fp.write(self._comment)
+        if self.mode == "a":
+            self.fp.truncate()
         self.fp.flush()
 
     def _fpclose(self, fp):
diff --git a/Misc/NEWS.d/next/Library/2020-04-03-16-13-59.bpo-40105.hfM2c0.rst b/Misc/NEWS.d/next/Library/2020-04-03-16-13-59.bpo-40105.hfM2c0.rst
new file mode 100644
index 0000000000000..f71a7a1e697a4
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2020-04-03-16-13-59.bpo-40105.hfM2c0.rst
@@ -0,0 +1,2 @@
+ZipFile truncates files to avoid corruption when a shorter comment is provided
+in append ("a") mode. Patch by Jan Mazur.

More information about the Python-checkins mailing list