Fix issue #14315: The zipfile module now ignores extra fields in the central
directory that are too short to be parsed instead of letting a struct.unpack error bubble up as this "bad data" appears in many real world zip files in the wild and is ignored by other zip tools.
This commit is contained in:
parent
58cfdd8af8
commit
0af8a86be8
|
@ -1290,6 +1290,21 @@ class OtherTests(unittest.TestCase):
|
|||
self.assertRaises(ValueError,
|
||||
zipfile.ZipInfo, 'seventies', (1979, 1, 1, 0, 0, 0))
|
||||
|
||||
def test_zipfile_with_short_extra_field(self):
|
||||
"""If an extra field in the header is less than 4 bytes, skip it."""
|
||||
zipdata = (
|
||||
b'PK\x03\x04\x14\x00\x00\x00\x00\x00\x93\x9b\xad@\x8b\x9e'
|
||||
b'\xd9\xd3\x01\x00\x00\x00\x01\x00\x00\x00\x03\x00\x03\x00ab'
|
||||
b'c\x00\x00\x00APK\x01\x02\x14\x03\x14\x00\x00\x00\x00'
|
||||
b'\x00\x93\x9b\xad@\x8b\x9e\xd9\xd3\x01\x00\x00\x00\x01\x00\x00'
|
||||
b'\x00\x03\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa4\x81\x00'
|
||||
b'\x00\x00\x00abc\x00\x00PK\x05\x06\x00\x00\x00\x00'
|
||||
b'\x01\x00\x01\x003\x00\x00\x00%\x00\x00\x00\x00\x00'
|
||||
)
|
||||
with zipfile.ZipFile(io.BytesIO(zipdata), 'r') as zipf:
|
||||
# testzip returns the name of the first corrupt file, or None
|
||||
self.assertIsNone(zipf.testzip())
|
||||
|
||||
def tearDown(self):
|
||||
unlink(TESTFN)
|
||||
unlink(TESTFN2)
|
||||
|
|
|
@ -411,7 +411,7 @@ class ZipInfo (object):
|
|||
# Try to decode the extra field.
|
||||
extra = self.extra
|
||||
unpack = struct.unpack
|
||||
while extra:
|
||||
while len(extra) >= 4:
|
||||
tp, ln = unpack('<HH', extra[:4])
|
||||
if tp == 1:
|
||||
if ln >= 24:
|
||||
|
|
|
@ -18,6 +18,11 @@ Core and Builtins
|
|||
Library
|
||||
-------
|
||||
|
||||
- Issue #14315: The zipfile module now ignores extra fields in the central
|
||||
directory that are too short to be parsed instead of letting a struct.unpack
|
||||
error bubble up as this "bad data" appears in many real world zip files in
|
||||
the wild and is ignored by other zip tools.
|
||||
|
||||
- Issue #21402: tkinter.ttk now works when default root window is not set.
|
||||
|
||||
- Issue #10203: sqlite3.Row now truly supports sequence protocol. In particulr
|
||||
|
|
Loading…
Reference in New Issue