Message 313084 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	serhiy.storchaka
Recipients	BT123, serhiy.storchaka
Date	2018-03-01.06:10:12
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1519884613.3.0.467229070634.issue32056@psf.upfronthosting.co.za>
In-reply-to

Content
I have no idea why this was classified as a vulnerability. I don't think it can crash an application. If you have an example of crashing please provide it. I would not classify this issue even as a bug. It is obvious that invalid files can cause an exception. It may be good to detect some of errors earlier and raise more specific exception (Error would be more appropriate here than ValueError). But in general validating the wave file is not the purpose of this module, and this task can't be performed without reading the whole file, not only the header. All changes in wave.py should be ported to aifc.py and sunau.py and needs tests.

I have no idea why this was classified as a vulnerability. I don't think it can crash an application. If you have an example of crashing please provide it.

I would not classify this issue even as a bug. It is obvious that invalid files can cause an exception. It may be good to detect some of errors earlier and raise more specific exception (Error would be more appropriate here than ValueError). But in general validating the wave file is not the purpose of this module, and this task can't be performed without reading the whole file, not only the header.

All changes in wave.py should be ported to aifc.py and sunau.py and needs tests.

History
Date	User	Action	Args
2018-03-01 06:10:13	serhiy.storchaka	set	recipients: + serhiy.storchaka, BT123
2018-03-01 06:10:13	serhiy.storchaka	set	messageid: <1519884613.3.0.467229070634.issue32056@psf.upfronthosting.co.za>
2018-03-01 06:10:13	serhiy.storchaka	link	issue32056 messages
2018-03-01 06:10:12	serhiy.storchaka	create