Author martin.panter
Recipients Arfrever, christian.heimes, eric.araujo, martin.panter, nadeem.vawda, nikratio, pitrou, serhiy.storchaka, vstinner
Date 2014-09-10.07:11:21
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1410333082.04.0.698609442672.issue15955@psf.upfronthosting.co.za>
In-reply-to
Content
If people are worried about the best low-level decompressor API, maybe leave that as a future enhancement, and just rely on using the existing file reader APIs. I would expect them to have a sensible decompressed buffer size limit, however “bzip2” and LZMA look susceptible to zip bombing:

>>> GzipFile(fileobj=gzip_bomb).read(1)
b'\x00'
>>> BZ2File(bzip_bomb).read(1)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3.4/bz2.py", line 293, in read
    return self._read_block(size)
  File "/usr/lib/python3.4/bz2.py", line 254, in _read_block
    while n > 0 and self._fill_buffer():
  File "/usr/lib/python3.4/bz2.py", line 218, in _fill_buffer
    self._buffer = self._decompressor.decompress(rawblock)
MemoryError
>>> z = LZMAFile(lzma_bomb)
>>> z.read(1)
b'\x00'  # Slight delay before returning
>>> len(z._buffer)
55675075  # Decompressed much more data than I asked for
History
Date User Action Args
2014-09-10 07:11:22martin.pantersetrecipients: + martin.panter, pitrou, vstinner, christian.heimes, nadeem.vawda, eric.araujo, Arfrever, nikratio, serhiy.storchaka
2014-09-10 07:11:22martin.pantersetmessageid: <1410333082.04.0.698609442672.issue15955@psf.upfronthosting.co.za>
2014-09-10 07:11:22martin.panterlinkissue15955 messages
2014-09-10 07:11:21martin.pantercreate