Title: EOFError in
Type: behavior Stage:
Components: Documentation, Library (Lib) Versions: Python 3.7
Status: open Resolution:
Dependencies: Superseder:
Assigned To: docs@python Nosy List: docs@python, jvoisin, ronaldoussoren
Priority: normal Keywords:

Created on 2019-12-16 14:21 by jvoisin, last changed 2019-12-17 09:45 by jvoisin.

File name Uploaded Description Edit
crash-f4032ed3c7c2ae59a8f4424e0e73ce8b11ad3ef90155b008968f5b1b08499bc4 jvoisin, 2019-12-16 14:21
Messages (5)
msg358490 - (view) Author: jvoisin (jvoisin) Date: 2019-12-16 14:21
The attached file produces the following stacktrace when opened via ``, on Python 3.7.5rc1:

$ cat 
import tarfile
import sys

with[1], errorlevel=2) as t:
  for member in t.getmembers():

$ python3 crash-f4032ed3c7c2ae59a8f4424e0e73ce8b11ad3ef90155b008968f5b1b08499bc4
Traceback (most recent call last):
  File "", line 4, in <module>
    with[1], errorlevel=2) as t:
  File "/usr/lib/python3.7/", line 1574, in open
    return func(name, "r", fileobj, **kwargs)
  File "/usr/lib/python3.7/", line 1646, in gzopen
    t = cls.taropen(name, mode, fileobj, **kwargs)
  File "/usr/lib/python3.7/", line 1622, in taropen
    return cls(name, mode, fileobj, **kwargs)
  File "/usr/lib/python3.7/", line 1485, in __init__
    self.firstmember =
  File "/usr/lib/python3.7/", line 2290, in next
    tarinfo = self.tarinfo.fromtarfile(self)
  File "/usr/lib/python3.7/", line 1094, in fromtarfile
    buf =
  File "/usr/lib/python3.7/", line 276, in read
  File "/usr/lib/python3.7/", line 68, in readinto
    data =
  File "/usr/lib/python3.7/", line 463, in read
    if not self._read_gzip_header():
  File "/usr/lib/python3.7/", line 421, in _read_gzip_header
  File "/usr/lib/python3.7/", line 400, in _read_exact
    raise EOFError("Compressed file ended before the "
EOFError: Compressed file ended before the end-of-stream marker was reached

msg358492 - (view) Author: Ronald Oussoren (ronaldoussoren) * (Python committer) Date: 2019-12-16 15:12
Looks like expected behaviour, the attached file is an incomplete compressed file that does not seem to contain data (according to gzcat)

gzcat: crash-f4032ed3c7c2ae59a8f4424e0e73ce8b11ad3ef90155b008968f5b1b08499bc4: unexpected end of file
gzcat: crash-f4032ed3c7c2ae59a8f4424e0e73ce8b11ad3ef90155b008968f5b1b08499bc4: uncompress failed
msg358493 - (view) Author: jvoisin (jvoisin) Date: 2019-12-16 15:17
Unfortunately, the documentation ( doesn't mention that EOFError is an exception that could be raised when using :/
msg358494 - (view) Author: Ronald Oussoren (ronaldoussoren) * (Python committer) Date: 2019-12-16 15:25
The stdlib documentation does in general not contain exhaustive documentation on exceptions that might be raised.
msg358540 - (view) Author: jvoisin (jvoisin) Date: 2019-12-17 09:45
Does it means that the right™ way to process untrusted tar files is
to wrap every call to functions from in a `try: … except Exception:` block?
Date User Action Args
2019-12-17 09:45:27jvoisinsetmessages: + msg358540
2019-12-16 15:25:19ronaldoussorensetnosy: + docs@python
messages: + msg358494

assignee: docs@python
components: + Documentation
2019-12-16 15:17:14jvoisinsetmessages: + msg358493
2019-12-16 15:12:02ronaldoussorensetnosy: + ronaldoussoren
messages: + msg358492
2019-12-16 14:21:45jvoisincreate