iemejia commented on code in PR #3850:
URL: https://github.com/apache/avro/pull/3850#discussion_r3567571742
##########
lang/py/avro/codecs.py:
##########
@@ -123,7 +173,22 @@ def decompress(readers_decoder: avro.io.BinaryDecoder) ->
avro.io.BinaryDecoder:
data = readers_decoder.read_bytes()
# -15 is the log of the window size; negative indicates
# "raw" (no zlib headers) decompression. See zlib.h.
- uncompressed = zlib.decompress(data, -15)
+ limit = _max_decompress_length()
+ decompressor = zlib.decompressobj(-15)
+ # Request at most limit + 1 bytes so that an over-large block is
detected
+ # without allocating the whole (potentially huge) output. Accumulate
into
+ # a bytearray so the flush() output is appended in place rather than
+ # creating an extra full-size copy of the already-decompressed data.
+ uncompressed = bytearray(decompressor.decompress(data, limit + 1))
+ if len(uncompressed) > limit:
+ _raise_decompression_too_large(limit)
+ uncompressed += decompressor.flush()
+ if len(uncompressed) > limit:
+ _raise_decompression_too_large(limit)
+ if not decompressor.eof:
+ # The end-of-stream marker was not reached: the block is truncated
or
+ # corrupt. zlib.decompress() used to raise for this; preserve that.
+ raise avro.errors.InvalidAvroBinaryEncoding("Truncated or corrupt
deflate block")
Review Comment:
Good catch — decompress(data, limit+1) leaves unconsumed input, and the
subsequent flush() was unbounded. Reworked to drain unconsumed_tail in a loop
with a per-call max_length and to pass a bounded length to flush(), so total
output can't exceed limit+1 before being rejected.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]