[issue19883] Integer overflow in zipimport.c

Changes by Serhiy Storchaka : -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker ___

[issue19883] Integer overflow in zipimport.c

Roundup Robot added the comment: New changeset 82ee3c24bb86 by Serhiy Storchaka in branch '2.7': Fixed an infinite loop in zipimport caused by cebcd2fd3e1f (issue #19883). https://hg.python.org/cpython/rev/82ee3c24bb86 -- ___ Python tracker

[issue19883] Integer overflow in zipimport.c

Serhiy Storchaka added the comment: Thank you Martin. -- ___ Python tracker ___ ___ Python-bugs-list mailing

[issue19883] Integer overflow in zipimport.c

Martin Panter added the comment: This seems to be causing an infinite loop in 2.7, in test_cmd_line_script.CmdLineTest.test_module_in_package_in_zipfile(): test_module_in_package_in_zipfile (test.test_cmd_line_script.CmdLineTest) ... ^C Test suite interrupted by signal SIGINT. 1 test omitted:

[issue19883] Integer overflow in zipimport.c

Roundup Robot added the comment: New changeset 687be1cbe587 by Serhiy Storchaka in branch '3.5': Issue #19883: Fixed possible integer overflows in zipimport. https://hg.python.org/cpython/rev/687be1cbe587 New changeset f4631dc56ecf by Serhiy Storchaka in branch 'default': Issue #19883: Fixed

[issue19883] Integer overflow in zipimport.c

STINNER Victor added the comment: Serhiy Storchaka added the comment: > Updated patch addresses Victor's comments and adds (mandatory now) > parenthesis. Thank you Victor. Do you mean braces {...}? The new patch looks good to me, thanks for taking all my comments in account ;-) --

[issue19883] Integer overflow in zipimport.c

Serhiy Storchaka added the comment: Updated patch addresses Victor's comments and adds (mandatory now) parenthesis. Thank you Victor. -- assignee: -> serhiy.storchaka Added file: http://bugs.python.org/file41697/zipimport_int_overflow_4.patch ___

[issue19883] Integer overflow in zipimport.c

Serhiy Storchaka added the comment: Synchronized with current sources. -- components: +Extension Modules keywords: +needs review nosy: +benjamin.peterson versions: -Python 3.4 Added file: http://bugs.python.org/file41687/zipimport_int_overflow_3.patch

[issue19883] Integer overflow in zipimport.c

Changes by Serhiy Storchaka : Removed file: http://bugs.python.org/file40981/zipimport_int_overflow_2.patch ___ Python tracker ___

[issue19883] Integer overflow in zipimport.c

Serhiy Storchaka added the comment: Here is revised patch. It addresses Gregory's comments, uses properly integer types and converters for all values, and adds additional checks for integer overflows and ZIP file validity. As a side effect the performance can be increased due to less memory

[issue19883] Integer overflow in zipimport.c

Serhiy Storchaka added the comment: Sorry, the patch contained parts of the advanced patch that will be submitted in separate issue. -- Added file: http://bugs.python.org/file40982/zipimport_int_overflow_2.patch ___ Python tracker

[issue19883] Integer overflow in zipimport.c

Changes by Serhiy Storchaka : Added file: http://bugs.python.org/file40981/zipimport_int_overflow_2.patch ___ Python tracker ___

[issue19883] Integer overflow in zipimport.c

Changes by Serhiy Storchaka : Removed file: http://bugs.python.org/file40980/zipimport_int_overflow_2.patch ___ Python tracker ___

[issue19883] Integer overflow in zipimport.c

Changes by Eric Snow ericsnowcurren...@gmail.com: -- versions: +Python 3.6 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue19883 ___ ___

[issue19883] Integer overflow in zipimport.c

Changes by Eric Snow ericsnowcurren...@gmail.com: -- nosy: +eric.snow, superluser ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue19883 ___ ___

[issue19883] Integer overflow in zipimport.c

Serhiy Storchaka added the comment: Ping. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue19883 ___ ___ Python-bugs-list mailing list

[issue19883] Integer overflow in zipimport.c

Changes by Serhiy Storchaka storch...@gmail.com: -- versions: +Python 2.7, Python 3.5 -Python 3.3 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue19883 ___

[issue19883] Integer overflow in zipimport.c

STINNER Victor added the comment: Here is a work-in-progress patch. PyMarshal_ReadShortFromFile() and PyMarshal_ReadLongFromFile() are still wrong: new Unsigned version should be added to marshal.c. I don't know if a C cast to unsigned is enough because long can be larger than 32-bit (ex: on

[issue19883] Integer overflow in zipimport.c

Gregory P. Smith added the comment: comments added to the patch. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue19883 ___ ___ Python-bugs-list

[issue19883] Integer overflow in zipimport.c

Gregory P. Smith added the comment: zipimport.c makes no attempt to support zip files larger than 2GiB or zip64 files. -- nosy: +gregory.p.smith ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue19883

[issue19883] Integer overflow in zipimport.c

Changes by Brett Cannon br...@python.org: -- assignee: brett.cannon - ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue19883 ___ ___

[issue19883] Integer overflow in zipimport.c

Serhiy Storchaka added the comment: Yes, these fields are unsingned. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue19883 ___ ___

[issue19883] Integer overflow in zipimport.c

STINNER Victor added the comment: read_directory() uses fseek() and ftell() which don't support offset larger than LONG_MAX (2 GB on 32-bit system). I don't know if it's an issue. What happens if the file is longer? header_offset += arc_offset; can overflow or not? This instuction looks

[issue19883] Integer overflow in zipimport.c

STINNER Victor added the comment: See also zipfile.py which is probably more correct than zipimport.c: zipfile uses for example L format for struct.unpack (*unsigned* long) to decode header fields. -- ___ Python tracker rep...@bugs.python.org

[issue19883] Integer overflow in zipimport.c

Changes by Serhiy Storchaka storch...@gmail.com: -- nosy: +serhiy.storchaka ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue19883 ___ ___