gh-151307: Bound zipfile reads for forged compressed sizes #151509
Open
rohitjavvadi wants to merge 1 commit into
Conversation
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 9067b6f30d
Force-pushed 930fc93 to 26535f5, June 15, 2026 16:02
Force-pushed 26535f5 to 6531eb7, June 15, 2026 17:06
The forged ZIP from gh-151307 can make ZipExtFile._read2() pass a central-directory-controlled compressed size directly to the underlying file object's read(n). In the local reproducer, a 160-byte archive made the unpatched code call read(2147483647) twice before failing with EOFError.

This keeps the existing overlap warning behavior for duplicate-name entries, but bounds the actual low-level read request:

After the change, the same 160-byte archive still fails as truncated, but the largest underlying read request is 125 bytes and there are no oversized reads.

Fixes gh-151307.

Testing

[2147483647, 2147483647]
[]
./python.exe -m test test_zipfile -m test_forged_compress_size_read_is_bounded -v
./python.exe -m test test_zipfile -v
git diff --check
make patchcheck
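The mechanism the description above relies on, as an added example that is not part of this PR and not CPython's own test code: it writes a small stored archive with zipfile, rewrites the central directory so the member claims 2147483647 compressed and uncompressed bytes and is listed twice at the same local-header offset (the duplicate-entry shape that the overlap check only warns about), then reads the member back through a BytesIO subclass that records the size of every sized read() request that reaches the file object. The 512-byte sample content and the helper names (ReadRecorder, forge_archive, probe, describe, run_demo) are assumptions made for this example. On an interpreter without this change the first listed copy of the entry produces read requests of 2147483647 bytes before EOFError, matching the [2147483647, 2147483647] shown under Testing; the second copy is rejected by the existing overlap check (BadZipFile) before any body read on interpreters that have that check.

```python
import io
import struct
import warnings
import zipfile

# Constructed sample payload, not taken from the PR or from CPython's tests.
CONTENT = bytes(range(256)) * 2
# Compressed/uncompressed size the forged central directory will claim;
# this is the value named in the PR description.
FORGED_SIZE = 0x7FFFFFFF

EOCD_SIG = b"PK\x05\x06"
EOCD_FMT = "<4sHHHHIIH"  # end-of-central-directory record, 22 bytes, no comment


def build_benign_archive(name="a.txt"):
    """Write one stored (uncompressed) member with zipfile itself."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, CONTENT)
    return buf.getvalue()


def forge_archive(archive):
    """Rewrite the central directory so the member claims FORGED_SIZE bytes and
    list that entry twice at the same local-header offset.  The duplicate is what
    makes zipfile's overlap check warn instead of raise, so the forged size
    reaches ZipExtFile (hypothetical forgery built for this example)."""
    eocd_off = archive.rfind(EOCD_SIG)
    (_sig, _disk, _cd_disk, _n_disk, n_total, cd_size, cd_off,
     comment_len) = struct.unpack(EOCD_FMT, archive[eocd_off:eocd_off + 22])
    assert n_total == 1 and comment_len == 0, "expected a single-entry archive"
    entry = bytearray(archive[cd_off:cd_off + cd_size])
    # central directory header: compressed size at +20, uncompressed size at +24
    struct.pack_into("<II", entry, 20, FORGED_SIZE, FORGED_SIZE)
    new_cd = bytes(entry) * 2
    eocd = struct.pack(EOCD_FMT, EOCD_SIG, 0, 0, 2, 2, len(new_cd), cd_off, 0)
    return archive[:cd_off] + new_cd + eocd


def describe(archive):
    """(name, compress_size, file_size) for each central-directory entry."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return [(zi.filename, zi.compress_size, zi.file_size) for zi in zf.infolist()]


class ReadRecorder(io.BytesIO):
    """In-memory file that records every sized read() request while recording."""

    def __init__(self, data):
        super().__init__(data)
        self.recording = False
        self.requests = []

    def read(self, size=-1):
        if self.recording and size is not None and size >= 0:
            self.requests.append(size)
        return super().read(size)


def probe(archive, member_index):
    """Read one member through zipfile; report the data or the error name, any
    overlap warnings, and the largest read() request that reached the file."""
    fp = ReadRecorder(archive)
    result = {"data": None, "error": None, "warnings": [], "requests": [], "max_read": 0}
    with warnings.catch_warnings(record=True) as caught:
        warnings.simplefilter("always")
        with zipfile.ZipFile(fp) as zf:
            zinfo = zf.infolist()[member_index]
            try:
                with zf.open(zinfo) as member:
                    fp.recording = True  # record only the member-body reads
                    result["data"] = member.read()
            except Exception as exc:  # EOFError or BadZipFile on the forged input
                result["error"] = type(exc).__name__
    result["warnings"] = [str(w.message) for w in caught]
    result["requests"] = list(fp.requests)
    result["max_read"] = max(fp.requests, default=0)
    return result


def run_demo():
    benign = build_benign_archive()
    forged = forge_archive(benign)
    return {"benign": probe(benign, 0), "forged": [probe(forged, i) for i in range(2)]}


if __name__ == "__main__":
    results = run_demo()
    print("benign:", results["benign"]["requests"], results["benign"]["error"])
    for i, r in enumerate(results["forged"]):
        print(f"forged[{i}]: error={r['error']} max_read={r['max_read']} "
              f"requests={r['requests']} warnings={len(r['warnings'])}")
```

Run it against a build with and without the change to compare max_read for forged[0]; the benign archive must read back unchanged in both cases, with no request larger than the member's real size.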