This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Title: tarfile.TarInfo.fromtarfile does not check read() return value
Type: behavior Stage: resolved
Components: Versions: Python 3.4, Python 3.5, Python 2.7
Status: closed Resolution: not a bug
Dependencies: Superseder:
Assigned To: lars.gustaebel Nosy List: BreamoreBoy, lars.gustaebel, socketpair
Priority: normal Keywords:

Created on 2013-01-04 07:55 by socketpair, last changed 2022-04-11 14:57 by admin. This issue is now closed.

Messages (3)
msg179006 - (view) Author: Марк Коренберг (socketpair) * Date: 2013-01-04 07:55
tarfile.TarInfo.fromtarfile does not check read() return value.
read() may return less than requested size, so,

buf =
obj.offset = tarfile.fileobj.tell() - BLOCKSIZE

may do something nasty.
msg223125 - (view) Author: Mark Lawrence (BreamoreBoy) * Date: 2014-07-15 17:20
@Lars can we have a comment on this please.
msg223412 - (view) Author: Lars Gustäbel (lars.gustaebel) * (Python committer) Date: 2014-07-18 14:30
The size of the buffer returned by TarInfo.fromtarfile() is checked by TarInfo.frombuf() which raises either an EmptyHeaderError or TruncatedHeaderError respectively.
Date User Action Args
2022-04-11 14:57:40adminsetgithub: 61063
2014-07-18 14:30:48lars.gustaebelsetstatus: open -> closed
messages: + msg223412

assignee: lars.gustaebel
resolution: not a bug
stage: resolved
2014-07-15 17:20:30BreamoreBoysetversions: + Python 2.7, Python 3.4, Python 3.5
nosy: + BreamoreBoy

messages: + msg223125

type: behavior
2013-01-04 08:07:58ned.deilysetnosy: + lars.gustaebel
2013-01-04 07:55:22socketpaircreate