diff --git a/Lib/tarfile.py b/Lib/tarfile.py --- a/Lib/tarfile.py +++ b/Lib/tarfile.py @@ -689,7 +689,10 @@ length = min(size, stop - self.position) if data: self.fileobj.seek(offset + (self.position - start)) - buf += self.fileobj.read(length) + b = self.fileobj.read(length) + if len(b) != length: + raise ReadError("unexpected end of archive") + buf += b else: buf += NUL * length size -= length @@ -2243,8 +2246,20 @@ self.firstmember = None return m + # Advance the file position if needed. + size = self.offset - self.fileobj.tell() + + if size < 0: + self.fileobj.seek(0) + size = self.offset + + while size > 0: + s = min(size, RECORDSIZE) + if len(self.fileobj.read(s)) != s: + raise ReadError("unexpected end of archive") + size -= s + # Read the next block. - self.fileobj.seek(self.offset) tarinfo = None while True: try: diff --git a/Lib/test/test_tarfile.py b/Lib/test/test_tarfile.py --- a/Lib/test/test_tarfile.py +++ b/Lib/test/test_tarfile.py @@ -349,6 +349,24 @@ finally: tar.close() + def test_premature_end_of_archive(self): + for size in (512, 600, 1024, 1200): + with tarfile.open(tmpname, "w:") as tar: + t = tarfile.TarInfo("foo") + t.size = 1024 + tar.addfile(t, io.BytesIO(b"a" * 1024)) + + os.truncate(tmpname, size) + + with tarfile.open(tmpname) as tar: + with self.assertRaises(tarfile.ReadError): + for t in tar: + pass + + with tarfile.open(tmpname) as tar: + with self.assertRaises(tarfile.ReadError): + tar.extractfile(tar.next()).read() + class MiscReadTestBase(CommonReadTest): def requires_name_attribute(self):