Message278228
I think patches put up in http://bugs.python.org/msg258736 is at least not sufficient enough for Python 2.7.
POC script(crash.py) provided with the issue calls get_data with data_size = -1.
I am using Python 2.7.8 . I patched the same with the solution provided in https://hg.python.org/cpython/rev/985fc64c60d6 . I was still able to reproduce the issue and it failed with
Traceback (most recent call last):
File "crash.py", line 25, in <module>
print(importer.get_data(FILE))
IOError: zipimport: can't read data
Segmentation fault (core dumped)
but I couldn't reproduce the same with latest 2.7.12:-
jchang@qasus-ubun12x64-001:~/Downloads/Python-2.7.12$ python2.7 -V
Python 2.7.12
jchang@qasus-ubun12x64-001:~/Downloads/Python-2.7.12$ python2.7 crash.py
Traceback (most recent call last):
File "crash.py", line 25, in <module>
print(importer.get_data(FILE))
zipimport.ZipImportError: negative data size
As we can see issue does happen in 2.7.12 because of following extra check :-
if (data_size < 0) {
PyErr_Format(ZipImportError, "negative data size");
return NULL;
}
which was merged in https://hg.python.org/cpython/rev/2edbdb79cd6d.
I was thinking of backporting the same to Python 2.7.8 as well to completely address this issue. Could you guys confirm if my understanding is correct on this ? Thanks |
|
Date |
User |
Action |
Args |
2016-10-07 03:57:44 | Parvesh jain | set | recipients:
+ Parvesh jain, georg.brandl, ned.deily, python-dev, berker.peksag, Insu Yun, vladk |
2016-10-07 03:57:43 | Parvesh jain | set | messageid: <1475812663.87.0.682366979286.issue26171@psf.upfronthosting.co.za> |
2016-10-07 03:57:43 | Parvesh jain | link | issue26171 messages |
2016-10-07 03:57:42 | Parvesh jain | create | |
|