[issue27130] zlib: OverflowError while trying to compress 2^32 bytes or more
Martin Panter
report at bugs.python.org
Thu Jun 2 19:07:46 EDT 2016
Martin Panter added the comment:
Klamann, thanks for crash report. I think your decompress crash is explained by the bug expanding past UINT_MAX I identified above. The key is that length = 0 in zlib_Decompress_decompress_impl(), as if wrapped around, and the return value will have been resized to zero. My suggested fix step 7 would address this.
The workaround here would either be to pass compressed data in smaller chunks (4 MB or less), so that no chunk can expand to 4 GiB, or to make use of the max_length parameter. Either way, it will make any code more complicated though.
If anyone wants to write a patch (or do testing) to solve any or all of the problems, I am happy to help. But it is not a high priority for me to do all the work, because I am not set up to test it easily.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue27130>
_______________________________________
More information about the Python-bugs-list
mailing list