[3.10] bpo-39039: tarfile raises descriptive exception from zlib.error (GH-27766) (GH-28613)
* during tarfile parsing, a zlib error indicates invalid data
* tarfile.open now raises a descriptive exception from the zlib error
* this makes it clear to the user that they may be trying to open a
corrupted tar file
(cherry picked from commit b6fe8572509b77d2002eaddf99d718e9b4835684)
Co-authored-by: Jack DeVries <58614260+jdevries3133@users.noreply.github.com>
diff --git a/Lib/test/test_tarfile.py b/Lib/test/test_tarfile.py
index cfdda24..e4b5c52 100644
--- a/Lib/test/test_tarfile.py
+++ b/Lib/test/test_tarfile.py
@@ -20,6 +20,10 @@
except ImportError:
gzip = None
try:
+ import zlib
+except ImportError:
+ zlib = None
+try:
import bz2
except ImportError:
bz2 = None
@@ -687,6 +691,16 @@ def test_parallel_iteration(self):
self.assertEqual(m1.offset, m2.offset)
self.assertEqual(m1.get_info(), m2.get_info())
+ @unittest.skipIf(zlib is None, "requires zlib")
+ def test_zlib_error_does_not_leak(self):
+ # bpo-39039: tarfile.open allowed zlib exceptions to bubble up when
+ # parsing certain types of invalid data
+ with unittest.mock.patch("tarfile.TarInfo.fromtarfile") as mock:
+ mock.side_effect = zlib.error
+ with self.assertRaises(tarfile.ReadError):
+ tarfile.open(self.tarname)
+
+
class MiscReadTest(MiscReadTestBase, unittest.TestCase):
test_fail_comp = None