bpo-45507: EOFErrors should be thrown for truncated gzip members (pyt…

…honGH-29029)
abadger · Nov 19, 2021 · 0ff3d95 · 0ff3d95
1 parent 7e44dc0
commit 0ff3d95
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 0 deletions.
diff --git a/Lib/gzip.py b/Lib/gzip.py
@@ -603,6 +603,9 @@ def decompress(data):
         do = zlib.decompressobj(wbits=-zlib.MAX_WBITS)
         # Read all the data except the header
         decompressed = do.decompress(data[fp.tell():])
+        if not do.eof or len(do.unused_data) < 8:
+            raise EOFError("Compressed file ended before the end-of-stream "
+                           "marker was reached")
         crc, length = struct.unpack("<II", do.unused_data[:8])
         if crc != zlib.crc32(decompressed):
             raise BadGzipFile("CRC check failed")

diff --git a/Lib/test/test_gzip.py b/Lib/test/test_gzip.py
@@ -562,6 +562,14 @@ def test_decompress(self):
             datac = gzip.compress(data)
             self.assertEqual(gzip.decompress(datac), data)
 
+    def test_decompress_truncated_trailer(self):
+        compressed_data = gzip.compress(data1)
+        self.assertRaises(EOFError, gzip.decompress, compressed_data[:-4])
+
+    def test_decompress_missing_trailer(self):
+        compressed_data = gzip.compress(data1)
+        self.assertRaises(EOFError, gzip.decompress, compressed_data[:-8])
+
     def test_read_truncated(self):
         data = data1*50
         # Drop the CRC (4 bytes) and file size (4 bytes).

diff --git a/Misc/NEWS.d/next/Library/2021-10-18-14-00-01.bpo-45507.lDotNV.rst b/Misc/NEWS.d/next/Library/2021-10-18-14-00-01.bpo-45507.lDotNV.rst
@@ -0,0 +1 @@
+Add tests for truncated/missing trailers in gzip.decompress implementation.