classification
Title: zipfile: string IndexError on extract
Type: behavior Stage:
Components: Versions: Python 3.8, Python 3.7, Python 3.6
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: 18z, alter-bug-tracer, krnick
Priority: normal Keywords:

Created on 2019-05-21 10:49 by alter-bug-tracer, last changed 2019-05-31 06:02 by Jeffrey.Kintscher.

Files
File name Uploaded Description Edit
file0.zip alter-bug-tracer, 2019-05-21 10:49
Messages (4)
msg343006 - (view) Author: alter-bug-tracer (alter-bug-tracer) * Date: 2019-05-21 10:49
The following code throws an IndexError when attempting to extract a malformed archive (attached):

import zipfile
import sys

zf = zipfile.ZipFile(sys.argv[1])
for info in zf.infolist():
  zf.extract(info.filename)

Result:
Traceback (most recent call last):
  File "code.py", line 6, in <module>
    zf.extract(info.filename)
  File "/usr/lib/python3.6/zipfile.py", line 1507, in extract
    return self._extract_member(member, path, pwd)
  File "/usr/lib/python3.6/zipfile.py", line 1572, in _extract_member
    if member.is_dir():
  File "/usr/lib/python3.6/zipfile.py", line 531, in is_dir
    return self.filename[-1] == '/'
IndexError: string index out of range
msg343047 - (view) Author: JUN-WEI SONG (krnick) * Date: 2019-05-21 13:29
The following output throws error when using unzip -t 

$ unzip -t file0.zip

Output:

Archive:  file0.zip
:  mismatching "local" filename (zipfile_extract.pyUT^I),
         continuing with "central" filename version
    testing:                         
  error:  invalid compressed data to inflate
At least one error was detected in file0.zip.

It looks like the zip file is corrupted. Maybe we could add some detection mechanisms before extract it like unzip, for example, unsupported characters or file corrupted check.
msg343052 - (view) Author: alter-bug-tracer (alter-bug-tracer) * Date: 2019-05-21 14:17
Hi,

The zip is corrupted on purpose.
I agree, every input should be checked before doing stuff with it.
msg343140 - (view) Author: KunYu Chen (18z) * Date: 2019-05-22 02:55
Hi alter-bug-tracer,

We notice about this pitfall when extracting zipbomb files.
and we have discussion here

https://bugs.python.org/issue36260
History
Date User Action Args
2019-05-31 06:02:58Jeffrey.Kintschersetnosy: - Jeffrey.Kintscher
2019-05-28 07:51:39Jeffrey.Kintschersetnosy: + Jeffrey.Kintscher
2019-05-22 02:55:0518zsetnosy: + 18z
messages: + msg343140
2019-05-21 14:17:43alter-bug-tracersetmessages: + msg343052
2019-05-21 13:29:19krnicksetnosy: + krnick
messages: + msg343047
2019-05-21 10:49:55alter-bug-tracercreate