diff options
| author | Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> | 2022-05-25 07:57:56 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-05-25 07:57:56 (GMT) |
| commit | 132ea299361e08c77c2b02ff25cf31eb73d3642f (patch) | |
| tree | b0953ef1231f87f5acb97970c217e4675b9fef31 | |
| parent | 2d5d01f26ba7939e8a035b6fe7abcc8490c9f208 (diff) | |
| download | cpython-132ea299361e08c77c2b02ff25cf31eb73d3642f.zip cpython-132ea299361e08c77c2b02ff25cf31eb73d3642f.tar.gz cpython-132ea299361e08c77c2b02ff25cf31eb73d3642f.tar.bz2 | |
[3.10] gh-83245: Raise BadZipFile instead of ValueError when reading a corrupt ZIP file (GH-32291) (GH-93140)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
(cherry picked from commit 202ed2506c84cd98e9e35621b5b2929ceb717864)
Co-authored-by: Sam Ezeh <sam.z.ezeh@gmail.com>
Automerge-Triggered-By: GH:serhiy-storchaka
| -rw-r--r-- | Lib/test/test_zipfile.py | 11 | ||||
| -rw-r--r-- | Lib/zipfile.py | 2 | ||||
| -rw-r--r-- | Misc/NEWS.d/next/Library/2022-04-03-19-40-09.bpo-39064.76PbIz.rst | 2 |
3 files changed, 15 insertions, 0 deletions
diff --git a/Lib/test/test_zipfile.py b/Lib/test/test_zipfile.py index 6e06ee6..e557d56 100644 --- a/Lib/test/test_zipfile.py +++ b/Lib/test/test_zipfile.py @@ -1736,6 +1736,17 @@ class OtherTests(unittest.TestCase): fp.write("short file") self.assertRaises(zipfile.BadZipFile, zipfile.ZipFile, TESTFN) + def test_negative_central_directory_offset_raises_BadZipFile(self): + # Zip file containing an empty EOCD record + buffer = bytearray(b'PK\x05\x06' + b'\0'*18) + + # Set the size of the central directory bytes to become 1, + # causing the central directory offset to become negative + for dirsize in 1, 2**32-1: + buffer[12:16] = struct.pack('<L', dirsize) + f = io.BytesIO(buffer) + self.assertRaises(zipfile.BadZipFile, zipfile.ZipFile, f) + def test_closed_zip_raises_ValueError(self): """Verify that testzip() doesn't swallow inappropriate exceptions.""" data = io.BytesIO() diff --git a/Lib/zipfile.py b/Lib/zipfile.py index 34d2fa4..eee1f47 100644 --- a/Lib/zipfile.py +++ b/Lib/zipfile.py @@ -1349,6 +1349,8 @@ class ZipFile: print("given, inferred, offset", offset_cd, inferred, concat) # self.start_dir: Position of start of central directory self.start_dir = offset_cd + concat + if self.start_dir < 0: + raise BadZipFile("Bad offset for central directory") fp.seek(self.start_dir, 0) data = fp.read(size_cd) fp = io.BytesIO(data) diff --git a/Misc/NEWS.d/next/Library/2022-04-03-19-40-09.bpo-39064.76PbIz.rst b/Misc/NEWS.d/next/Library/2022-04-03-19-40-09.bpo-39064.76PbIz.rst new file mode 100644 index 0000000..34d3152 --- /dev/null +++ b/Misc/NEWS.d/next/Library/2022-04-03-19-40-09.bpo-39064.76PbIz.rst @@ -0,0 +1,2 @@ +:class:`zipfile.ZipFile` now raises :exc:`zipfile.BadZipFile` instead of ``ValueError`` when reading a +corrupt zip file in which the central directory offset is negative. |