summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKevin Mehall <km@kevinmehall.net>2022-03-20 14:26:09 (GMT)
committerGitHub <noreply@github.com>2022-03-20 14:26:09 (GMT)
commite730ae7effe4f13b24f1b5fb1fca005709c86acb (patch)
treeb0391ac70889fdde5ce0f2ec8de7acfa1cebb5c1
parent3af68fc77c528d4e7749046cf6e41fd79902e6e6 (diff)
downloadcpython-e730ae7effe4f13b24f1b5fb1fca005709c86acb.zip
cpython-e730ae7effe4f13b24f1b5fb1fca005709c86acb.tar.gz
cpython-e730ae7effe4f13b24f1b5fb1fca005709c86acb.tar.bz2
bpo-42369: Fix thread safety of zipfile._SharedFile.tell (GH-26974)
The `_SharedFile` tracks its own virtual position into the file as `self._pos` and updates it after reading or seeking. `tell()` should return this position instead of calling into the underlying file object, since if multiple `_SharedFile` instances are being used concurrently on the same file, another one may have moved the real file position. Additionally, calling into the underlying `tell` may expose thread safety issues in the underlying file object because it was called without taking the lock.
-rw-r--r--Lib/zipfile.py4
-rw-r--r--Misc/NEWS.d/next/Library/2022-03-19-19-56-04.bpo-42369.Ok828t.rst1
2 files changed, 4 insertions, 1 deletions
diff --git a/Lib/zipfile.py b/Lib/zipfile.py
index 41bf49a..385adc8 100644
--- a/Lib/zipfile.py
+++ b/Lib/zipfile.py
@@ -747,7 +747,9 @@ class _SharedFile:
self._lock = lock
self._writing = writing
self.seekable = file.seekable
- self.tell = file.tell
+
+ def tell(self):
+ return self._pos
def seek(self, offset, whence=0):
with self._lock:
diff --git a/Misc/NEWS.d/next/Library/2022-03-19-19-56-04.bpo-42369.Ok828t.rst b/Misc/NEWS.d/next/Library/2022-03-19-19-56-04.bpo-42369.Ok828t.rst
new file mode 100644
index 0000000..86dc3a0
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2022-03-19-19-56-04.bpo-42369.Ok828t.rst
@@ -0,0 +1 @@
+Fix thread safety of :meth:`zipfile._SharedFile.tell` to avoid a "zipfile.BadZipFile: Bad CRC-32 for file" exception when reading a :class:`ZipFile` from multiple threads.