Message226685
If people are worried about the best low-level decompressor API, maybe leave that as a future enhancement, and just rely on using the existing file reader APIs. I would expect them to have a sensible decompressed buffer size limit, however “bzip2” and LZMA look susceptible to zip bombing:
>>> GzipFile(fileobj=gzip_bomb).read(1)
b'\x00'
>>> BZ2File(bzip_bomb).read(1)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3.4/bz2.py", line 293, in read
return self._read_block(size)
File "/usr/lib/python3.4/bz2.py", line 254, in _read_block
while n > 0 and self._fill_buffer():
File "/usr/lib/python3.4/bz2.py", line 218, in _fill_buffer
self._buffer = self._decompressor.decompress(rawblock)
MemoryError
>>> z = LZMAFile(lzma_bomb)
>>> z.read(1)
b'\x00' # Slight delay before returning
>>> len(z._buffer)
55675075 # Decompressed much more data than I asked for |
|
Date |
User |
Action |
Args |
2014-09-10 07:11:22 | martin.panter | set | recipients:
+ martin.panter, pitrou, vstinner, christian.heimes, nadeem.vawda, eric.araujo, Arfrever, nikratio, serhiy.storchaka |
2014-09-10 07:11:22 | martin.panter | set | messageid: <1410333082.04.0.698609442672.issue15955@psf.upfronthosting.co.za> |
2014-09-10 07:11:22 | martin.panter | link | issue15955 messages |
2014-09-10 07:11:21 | martin.panter | create | |
|