bpo-31602: Fix an assertion failure in zipimporter.get_source() in case of a bad zlib.decompress() (GH-3784)

While a rare potential failure (it requires swapping out zlib.decompress() itself and forcing it to return a non-bytes object), this change prevents a potential C-level assertion failure and instead substitutes it with an exception.

Thanks to Oren Milman for the patch.
This commit is contained in:
Oren Milman 2017-09-29 21:34:31 +03:00 committed by Brett Cannon
parent 66033733aa
commit 01c6a8859e
3 changed files with 27 additions and 0 deletions

View File

@ -17,6 +17,10 @@ import doctest
import inspect
import io
from traceback import extract_tb, extract_stack, print_tb
try:
import zlib
except ImportError:
zlib = None
test_src = """\
def get_name():
@ -669,6 +673,19 @@ class UncompressedZipImportTestCase(ImportHooksBaseTestCase):
class CompressedZipImportTestCase(UncompressedZipImportTestCase):
compression = ZIP_DEFLATED
@support.cpython_only
def test_issue31602(self):
# There shouldn't be an assertion failure in zipimporter.get_source()
# in case of a bad zlib.decompress().
def bad_decompress(*args):
return None
with ZipFile(TEMP_ZIP, 'w') as zip_file:
self.addCleanup(support.unlink, TEMP_ZIP)
zip_file.writestr('bar.py', b'print("hello world")', ZIP_DEFLATED)
zi = zipimport.zipimporter(TEMP_ZIP)
with support.swap_attr(zlib, 'decompress', bad_decompress):
self.assertRaises(TypeError, zi.get_source, 'bar')
class BadFileZipImportTestCase(unittest.TestCase):
def assertZipFailure(self, filename):

View File

@ -0,0 +1,2 @@
Fix an assertion failure in `zipimporter.get_source()` in case of a bad
`zlib.decompress()`. Patch by Oren Milman.

View File

@ -1236,6 +1236,14 @@ get_data(PyObject *archive, PyObject *toc_entry)
data = PyObject_CallFunction(decompress, "Oi", raw_data, -15);
Py_DECREF(decompress);
Py_DECREF(raw_data);
if (data != NULL && !PyBytes_Check(data)) {
PyErr_Format(PyExc_TypeError,
"zlib.decompress() must return a bytes object, not "
"%.200s",
Py_TYPE(data)->tp_name);
Py_DECREF(data);
return NULL;
}
return data;
eof_error: