alter-bug-tracer added the comment:
@berker.peksag, first of all sorry for the late reply.
We are not sure that we know how to do that. Our tests are generated
automatically. What we can do is retest the lib with your temporary fixes in
place, to see if they fix all the problems our
alter-bug-tracer added the comment:
Hi,
The zip is corrupted on purpose.
I agree, every input should be checked before doing stuff with it.
--
___
Python tracker
<https://bugs.python.org/issue36
New submission from alter-bug-tracer :
The following code throws an IndexError when attempting to extract a malformed
archive (attached):
import zipfile
import sys
zf = zipfile.ZipFile(sys.argv[1])
for info in zf.infolist():
zf.extract(info.filename)
Result:
Traceback (most recent call
New submission from alter-bug-tracer :
The following code throws an AttributeError when attempting to extract a
malformed archive (attached):
import zipfile
import sys
zf = zipfile.ZipFile(sys.argv[1])
for info in zf.infolist():
zf.extract(info.filename)
Result:
Traceback (most recent
New submission from alter-bug-tracer :
The following code throws an AttributeError when attempting to extract a
malformed archive (attached):
import zipfile
import sys
zf = zipfile.ZipFile(sys.argv[1])
for info in zf.infolist():
zf.extract(info.filename)
Result:
Traceback (most recent
alter-bug-tracer added the comment:
Shouldn't all of them be documented? Either that, or converted to csv.Error?
Take, for example, the C++ std.
--
___
Python tracker
<https://bugs.python.org/is
New submission from alter-bug-tracer :
The following code throws an IndexError when attempting to extract a malformed
archive (attached):
import zipfile
import sys
zf = zipfile.ZipFile(sys.argv[1])
for info in zf.infolist():
zf.extract(info.filename)
Result:
Traceback (most recent call
New submission from alter-bug-tracer :
The following code creates a new directory 'output' and extracts the tar
archive given as argv in it. When a malformed archive (attached) is given as
argv, a IsADirectoryError is thrown, as opposed to extracting the file
contained in the arch
alter-bug-tracer added the comment:
It is actually the exact same bug. At that time we were not sure if it security
related or not, so we disclosed it privately and discussed it with Mark. We
were not aware that he has submitted it for us
New submission from alter-bug-tracer :
The 'lower' method is called on a Header object when trying to parse the
attached file.
Code:
import email
import sys
with open(sys.argv[1], "rb") as f:
msg = email.message_from_binary_file(f)
print (len(msg))
New submission from alter-bug-tracer :
UnicodeDecodeError is thrown instead of csv.Error when parsing malformed inputs.
Examples:
1. file0
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xd5 in position 0: invalid
continuation byte
Traceback (most recent call last):
File
11 matches
Mail list logo
