bpo-45507: EOFErrors should be thrown for truncated gzip members (GH-29029)

3 files changed, 12 insertions, 0 deletions

diff --git a/Lib/gzip.py b/Lib/gzip.py
index ac17810..6773ea3 100644
--- a/Lib/gzip.py
+++ b/Lib/gzip.py
@@ -603,6 +603,9 @@ def decompress(data):
         do = zlib.decompressobj(wbits=-zlib.MAX_WBITS)
         # Read all the data except the header
         decompressed = do.decompress(data[fp.tell():])
+        if not do.eof or len(do.unused_data) < 8:
+            raise EOFError("Compressed file ended before the end-of-stream "
+                           "marker was reached")
         crc, length = struct.unpack("<II", do.unused_data[:8])
         if crc != zlib.crc32(decompressed):
             raise BadGzipFile("CRC check failed")
diff --git a/Lib/test/test_gzip.py b/Lib/test/test_gzip.py
index f86e767..aa66d2f 100644
--- a/Lib/test/test_gzip.py
+++ b/Lib/test/test_gzip.py
@@ -562,6 +562,14 @@ class TestGzip(BaseTest):
             datac = gzip.compress(data)
             self.assertEqual(gzip.decompress(datac), data)
 
+    def test_decompress_truncated_trailer(self):
+        compressed_data = gzip.compress(data1)
+        self.assertRaises(EOFError, gzip.decompress, compressed_data[:-4])
+
+    def test_decompress_missing_trailer(self):
+        compressed_data = gzip.compress(data1)
+        self.assertRaises(EOFError, gzip.decompress, compressed_data[:-8])
+
     def test_read_truncated(self):
         data = data1*50
         # Drop the CRC (4 bytes) and file size (4 bytes).
diff --git a/Misc/NEWS.d/next/Library/2021-10-18-14-00-01.bpo-45507.lDotNV.rst b/Misc/NEWS.d/next/Library/2021-10-18-14-00-01.bpo-45507.lDotNV.rst
new file mode 100644
index 0000000..a69ccda
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2021-10-18-14-00-01.bpo-45507.lDotNV.rst
@@ -0,0 +1 @@
+Add tests for truncated/missing trailers in gzip.decompress implementation.