◐ Shell
clean mode source ↗

gh-151308: Avoid huge pre-allocation in wave.readframes() for crafted files by iamsharduld · Pull Request #151487 · python/cpython

bedevere-app

@iamsharduld 

…rafted files

A WAV data chunk records its size in a 4-byte header field that is not
validated against the data actually present in the file.  A small,
truncated, or maliciously crafted file could therefore claim a chunk of
several gigabytes and make wave.Wave_read.readframes() pre-allocate that
much memory via a single file.read(chunksize) call, leading to a
MemoryError (or memory exhaustion) from a tiny input.

When the underlying file is seekable, clamp each read in the internal
_Chunk.read() to the number of bytes physically available, so we never
allocate more than the file can actually provide.  The data returned for
valid files is unchanged.