Parvesh jain added the comment:
I think patches put up in http://bugs.python.org/msg258736 is at least not
sufficient enough for Python 2.7.
POC script(crash.py) provided with the issue calls get_data with data_size = -1.
I am using Python 2.7.8 . I patched the same with the solution provided in
https://hg.python.org/cpython/rev/985fc64c60d6 . I was still able to reproduce
the issue and it failed with
Traceback (most recent call last):
File "crash.py", line 25, in <module>
print(importer.get_data(FILE))
IOError: zipimport: can't read data
Segmentation fault (core dumped)
but I couldn't reproduce the same with latest 2.7.12:-
jchang@qasus-ubun12x64-001:~/Downloads/Python-2.7.12$ python2.7 -V
Python 2.7.12
jchang@qasus-ubun12x64-001:~/Downloads/Python-2.7.12$ python2.7 crash.py
Traceback (most recent call last):
File "crash.py", line 25, in <module>
print(importer.get_data(FILE))
zipimport.ZipImportError: negative data size
As we can see issue does happen in 2.7.12 because of following extra check :-
if (data_size < 0) {
PyErr_Format(ZipImportError, "negative data size");
return NULL;
}
which was merged in https://hg.python.org/cpython/rev/2edbdb79cd6d.
I was thinking of backporting the same to Python 2.7.8 as well to completely
address this issue. Could you guys confirm if my understanding is correct on
this ? Thanks
----------
nosy: +Parvesh jain
_______________________________________
Python tracker <[email protected]>
<http://bugs.python.org/issue26171>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
