[New-bugs-announce] [issue36596] tarfile module considers anything starting with 512 bytes of zero bytes to be a valid tar file
Chris Siebenmann
report at bugs.python.org
Wed Apr 10 22:07:20 EDT 2019
New submission from Chris Siebenmann <c.python01 at cs.toronto.edu>:
The easiest reproduction of this is:
import tarfile
tarfile.open("/dev/zero", "r:")
(If you use plain "r" you get a hang in attempted lzma decoding.)
I believe this is probably due to a missing 'elif self.offset == 0:' in the 'except EOFHeaderError' exception handling case that almost all of the other exception handlers have.
This appears to be a very long standing issue based on the history of the code.
----------
components: Library (Lib)
messages: 339915
nosy: cks
priority: normal
severity: normal
status: open
title: tarfile module considers anything starting with 512 bytes of zero bytes to be a valid tar file
versions: Python 2.7, Python 3.5, Python 3.6, Python 3.7, Python 3.8, Python 3.9
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue36596>
_______________________________________
More information about the New-bugs-announce
mailing list