[issue32056] Improve exceptions in aifc, sunau and wave
zhangdeyue <abcdyzh...@163.com> added the comment:

I'm confused now. For any program which receives an external file, checking the input file is necessary, isn't it? And a program error leads to a security bug, is that not right? The program itself checking the input file, and catching and showing some exceptions or asserts, means that the error has been taken into account and the program is robust. However, I got the message from the system's check.

--
___
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue32056>
___
___
Python-bugs-list mailing list
Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue32056] Improve exceptions in aifc, sunau and wave
zhangdeyue <abcdyzh...@163.com> added the comment:

I agree that it is very small, but I still think it is indeed a security issue, because it can crash real-world programs when called by some library used in a Deep Learning ASR project. Does an assigned CVE have any negative impact on you?
[issue32056] Improve exceptions in Lib/wave.py
zhangdeyue <abcdyzh...@163.com> added the comment:

OK, I found this bug when I used librosa-0.5.1 to read an audio file in the audio-classification project, an ASR project (https://github.com/nextco/audio-classification). In the project, the librosa.load function reads the audio file, and it finally calls the wave.open function. But none of the functions validate the audio file, which leads to the project dividing by zero. Although the bug is easy and small, I think the bug should be fixed because there are so many Python libraries (such as librosa, audioread) that use it without validation in more and more popular ASR projects.

My program backtrace is as follows:
https://github.com/BT123/testcasesForMyRequest/blob/master/wave-1.png
https://github.com/BT123/testcasesForMyRequest/blob/master/wave-2.png

--
versions: -Python 3.8
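A caller-side check for the situation described in the comment above, as an added example that is not part of the original thread or of CPython: it rejects a WAV whose `fmt ` chunk has zero-valued size fields before handing it to `wave.open`, and maps any parser failure to one exception type. `UntrustedWavError`, `make_wav`, `check_fmt_chunk` and `safe_frame_count` are hypothetical names, the sample file is constructed in memory, and the zero-field check assumes the division by zero comes from such a field.

```python
import io
import struct
import wave


class UntrustedWavError(ValueError):
    """Raised when an input file is rejected before or during wave parsing."""


def make_wav(nchannels=1, sampwidth=2, framerate=8000, frames=b"\x00\x00" * 4):
    """Build a small constructed WAV file in memory (sample input for this example)."""
    block_align = nchannels * sampwidth
    fmt = struct.pack("<HHIIHH", 1, nchannels, framerate,
                      framerate * block_align, block_align, sampwidth * 8)
    body = b"WAVE" + b"fmt " + struct.pack("<I", len(fmt)) + fmt
    body += b"data" + struct.pack("<I", len(frames)) + frames
    return b"RIFF" + struct.pack("<I", len(body)) + body


def check_fmt_chunk(data):
    """Walk the RIFF chunks and reject a fmt chunk with zero-valued size fields."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"WAVE":
        raise UntrustedWavError("not a RIFF/WAVE file")
    pos = 12
    while pos + 8 <= len(data):
        chunk_id, size = struct.unpack_from("<4sI", data, pos)
        if chunk_id == b"fmt ":
            if size < 16 or pos + 8 + 16 > len(data):
                raise UntrustedWavError("truncated fmt chunk")
            _tag, nchannels, framerate, _rate, block_align, bits = \
                struct.unpack_from("<HHIIHH", data, pos + 8)
            if nchannels == 0 or bits == 0 or block_align == 0 or framerate == 0:
                raise UntrustedWavError("zero-valued field in fmt chunk")
            return nchannels, framerate, bits
        pos += 8 + size + (size & 1)  # chunks are padded to an even length
    raise UntrustedWavError("no fmt chunk found")


def safe_frame_count(data):
    """Validate first, then let wave parse; map any parser failure to one error type."""
    check_fmt_chunk(data)
    try:
        with wave.open(io.BytesIO(data), "rb") as w:
            return w.getnframes()
    except (wave.Error, EOFError, ZeroDivisionError) as exc:
        raise UntrustedWavError(f"wave could not parse input: {exc}") from exc
```

Catching `ZeroDivisionError` alongside `wave.Error` and `EOFError` keeps a malformed file from crashing the caller even if a field the pre-check does not cover triggers the same failure.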
[issue32056] bug in Lib/wave.py
zhangdeyue <abcdyzh...@163.com> added the comment:

The CVE email: The CVE ID is below. Please check whether the vulnerability still exists in Python 3.6.4, and please inform the software maintainer that the CVE ID has been assigned: https://bugs.python.org Use CVE-2017-18207 for this vulnerability in Python.
[issue32056] bug in Lib/wave.py
Change by zhangdeyue <abcdyzh...@163.com>:

--
keywords: +patch
pull_requests: +4382
stage: -> patch review