[ python-Bugs-1622896 ] Exception when compressing certain data with bz2

Thu, 28 Dec 2006 00:27:43 -0800 

Bugs item #1622896, was opened at 2006-12-27 05:26
Message generated for change (Comment added) made by nnorwitz
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1622896&group_id=5470

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
>Category: Extension Modules
Group: Python 2.5
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Alex Gontmakher (gsasha)
Assigned to: Nobody/Anonymous (nobody)
Summary: Exception when compressing certain data with bz2

Initial Comment:
Looks like an out-of-bounds array access... might be a security problem.

The attached file includes a script which, when executed, tries to pack the two 
given directories with a bz2 compressor. On my machine (stock 32 bit Ubuntu 
Edgy), the program fails with the following exception: 
--------------------
Traceback (most recent call last):
  File "test.py", line 13, in ?
    block = compressor.compress(open("compress-0067/"+file, "rb").read())
ValueError: the bz2 library has received wrong parameters
--------------------

The problem occurs under either python2.4 or 2.5 (I don't have other versions 
to test with).

Sorry, the file is large... I tried to reduce the example to smaller number of 
files etc., but no such luck. The file is too large to be submitted here as an 
attachment, so I have uploaded it to 
http://www.cs.technion.ac.il/~gsasha/testcase.tar.bz2



----------------------------------------------------------------------

>Comment By: Neal Norwitz (nnorwitz)
Date: 2006-12-28 00:27

Message:
Logged In: YES 
user_id=33168
Originator: NO

I don't understand why you think this is an array out of bounds.  I ran
your test case under valgrind and it reported no problems.

I can reproduce the problem.  I have attached a patch that fixes the
problem for me.  I am not certain it's the correct fix however.  The unit
tests pass with this modification.
File Added: bz2.diff

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1622896&group_id=5470
_______________________________________________
Python-bugs-list mailing list 
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

Reply via email to