git.ipfire.org Git - thirdparty/Python/cpython.git/commit

author	Shardul Deshpande <iamsharduld@users.noreply.github.com>
	Tue, 23 Jun 2026 09:32:31 +0000 (15:02 +0530)
committer	GitHub <noreply@github.com>
	Tue, 23 Jun 2026 09:32:31 +0000 (11:32 +0200)
commit	da99711d37dba3413af05207ea8b12cb06041c0f
tree	e94c2db55e2956ba10a895cdf7a81e6660f9cc0e	tree \| snapshot
parent	ad38cf82926c0bf41a677da39f0007f77eb6fc3f	commit \| diff

gh-151497: Avoid huge pre-allocation for oversized tarfile extended headers (GH-151498)

tarfile reads a member's extended header (a GNU long name/link or a pax
header) with a single read sized by the header's size field:

buf = tarfile.fileobj.read(self._block(self.size))

The size is taken from the archive and is not validated, so a ~512-byte
crafted file can claim several gigabytes (or, via base-256 encoding, far
more) and make read() pre-allocate that much memory -- on open/iterate,
before any extraction filter runs.

Read the extended-header data in bounded chunks instead, so an oversized
or truncated header can no longer force a huge allocation. The bytes
returned for valid archives are unchanged.

Lib/tarfile.py		diff \| blob \| blame \| history
Lib/test/test_tarfile.py		diff \| blob \| blame \| history
Misc/NEWS.d/next/Library/2026-06-15-15-32-36.gh-issue-151497.1cfmSV.rst	[new file with mode: 0644]	blob