bpo-45507: EOFErrors should be thrown for truncated gzip members (GH-29029)

This commit is contained in:
Ruben Vorderman 2021-11-19 19:07:05 +01:00 committed by GitHub
parent 7e44dc0ba7
commit 0ff3d95b98
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 12 additions and 0 deletions

View File

@ -603,6 +603,9 @@ def decompress(data):
do = zlib.decompressobj(wbits=-zlib.MAX_WBITS)
# Read all the data except the header
decompressed = do.decompress(data[fp.tell():])
if not do.eof or len(do.unused_data) < 8:
raise EOFError("Compressed file ended before the end-of-stream "
"marker was reached")
crc, length = struct.unpack("<II", do.unused_data[:8])
if crc != zlib.crc32(decompressed):
raise BadGzipFile("CRC check failed")

View File

@ -562,6 +562,14 @@ def test_decompress(self):
datac = gzip.compress(data)
self.assertEqual(gzip.decompress(datac), data)
def test_decompress_truncated_trailer(self):
compressed_data = gzip.compress(data1)
self.assertRaises(EOFError, gzip.decompress, compressed_data[:-4])
def test_decompress_missing_trailer(self):
compressed_data = gzip.compress(data1)
self.assertRaises(EOFError, gzip.decompress, compressed_data[:-8])
def test_read_truncated(self):
data = data1*50
# Drop the CRC (4 bytes) and file size (4 bytes).

View File

@ -0,0 +1 @@
Add tests for truncated/missing trailers in gzip.decompress implementation.