There's a bug in python's zlibmodule.c that makes it raise SystemError whenever it tries to decompress a chunk larger than 1GB is size. Here's an example of this in action:

dmitriev@...:~/moo/zlib_bug> cat zlib_bug.py 
import zlib

def test_zlib(size_mb):
    print "testing zlib with a %dMB object" % size_mb
    c = zlib.compressobj(1)
    sm = c.compress(' ' * (size_mb*1024*1024)) + c.flush()
    d = zlib.decompressobj()
    dm = d.decompress(sm) + d.flush()

test_zlib(1024)
test_zlib(1025)

dmitriev@...:~/moo/zlib_bug> python2.6 zlib_bug.py 
testing zlib with a 1024MB object
testing zlib with a 1025MB object
Traceback (most recent call last):
  File "zlib_bug.py", line 11, in <module>
    test_zlib(1025)
  File "zlib_bug.py", line 8, in test_zlib
    dm = d.decompress(sm) + d.flush()
SystemError: Objects/stringobject.c:4271: bad argument to internal function

dmitriev@...:~/moo/zlib_bug>

A similar issue was reported in issue1372; however, either this one is different, or the issue still exists in all versions of Python 2.6 that I tested, on both Solaris and Mac OS X. These are all 64-bit builds and have no problem manipulating multi-GB structures, so it's not an out-of-memory condition:

dmitriev@...:~/moo/zlib_bug> python2.6   
Python 2.6.1 (r261:67515, Nov 18 2009, 12:21:47) 
[GCC 4.3.3] on sunos5
Type "help", "copyright", "credits" or "license" for more information.
>>> len(' ' * (6000*1024*1024))
6291456000
>>>

Alright, I think this is caused by the following:

static PyObject *
PyZlib_objdecompress(compobject *self, PyObject *args)
{
    int err, inplen, old_length, length = DEFAULTALLOC;
    int max_length = 0;

The problem is that inplen, length, old_length, and max_length are all ints, whereas they should be Py_ssize_t. I think replacing them should make the bug go away. (I can't test it right now though because I'm having trouble compiling zlibmodule on my current machine)

Attached a patch for Modules/zlibmodule.c that worked for me.  Tested with python (2.6.1 and 2.6.5) 64bit builds on Solaris (amd64 and sparc) and RHEL5.2 amd64.

Confirmed. It even segfaults under 3.x.

Here is a patch fixing the issue, and a similar one in compressobj.compress(). It also adds tests which are only enabled with the bigmem option.

in the unittests there is some use of 'compress' and 'decompress'
mixed with 'zlib.decompress'.  which one is right (i'm only looking at
the diff so i can't see if they were imported from zlib or if the
zlib. is required at the moment).

otherwise, provided the new bigmem tests pass.  looks good to me.
commit and backport through to 2.6.

On Fri, May 7, 2010 at 8:56 AM, Antoine Pitrou <report@bugs.python.org> wrote:
>
> Antoine Pitrou <pitrou@free.fr> added the comment:
>
> Here is a patch fixing the issue, and a similar one in compressobj.compress(). It also adds tests which are only enabled with the bigmem option.
>
> ----------
> Added file: http://bugs.python.org/file17245/zlibbigbuf.patch
>
> _______________________________________
> Python tracker <report@bugs.python.org>
> <http://bugs.python.org/issue8571>
> _______________________________________
>

> in the unittests there is some use of 'compress' and 'decompress'
> mixed with 'zlib.decompress'.  which one is right

When testing the decompressor, data needs to be prepared first
(compressed). I didn't bother creating a compressor object in this case.

Is there a reason to keep inplen and max_length ints instead of making them Py_ssize_t too? I'm a little worried that keeping them ints will cause a similar problem further down the line.

> Is there a reason to keep inplen and max_length ints instead of making
> them Py_ssize_t too?

zlibmodule.c isn't 64-bit clean internally. Actually, the zlib itself
uses uInt in its z_stream structure. This should be the target of a
separate issue, and seems it will require more work than simply changing
the type of a variable.

Patch committed in r80926 (trunk), r80927 (2.6), r80928 (py3k) and r80929 (3.1). Thank you!