[3.14] gh-151981: Make tarfile._Stream.seek break at EOF (GH-151982) (#151992)

author Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>

Tue, 23 Jun 2026 13:46:18 +0000 (15:46 +0200)

committer GitHub <noreply@github.com>

Tue, 23 Jun 2026 13:46:18 +0000 (14:46 +0100)
author Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Tue, 23 Jun 2026 13:46:18 +0000 (15:46 +0200)
committer GitHub <noreply@github.com>
Tue, 23 Jun 2026 13:46:18 +0000 (14:46 +0100)
diff --git a/Lib/tarfile.py b/Lib/tarfile.py

index e6734db24f642e8452a9d342943541785137794c..39b1cd6514c143d8cfeeda5863d1510fa23ff10f 100644 (file)
--- a/Lib/tarfile.py
+++ b/Lib/tarfile.py
@@ -524,7 +524,9 @@ class _Stream:
          if pos - self.pos >= 0:
              blocks, remainder = divmod(pos - self.pos, self.bufsize)
              for i in range(blocks):
-                self.read(self.bufsize)
+                data = self.read(self.bufsize)
+                if not data:
+                    break
              self.read(remainder)
          else:
              raise StreamError("seeking backwards is not allowed")
diff --git a/Lib/test/test_tarfile.py b/Lib/test/test_tarfile.py

index d974c7d46ec18c08ed22fa5d34b6c2e15ae64fcb..8503024a69048bc0058be36a1e2e9947392ba79a 100644 (file)
--- a/Lib/test/test_tarfile.py
+++ b/Lib/test/test_tarfile.py
@@ -4762,6 +4762,22 @@ class TestExtractionFilters(unittest.TestCase):
          with self.check_context(arc.open(errorlevel='boo!'), filtererror_filter):
              self.expect_exception(TypeError)  # errorlevel is not int
  
+    @support.subTests('format', [tarfile.GNU_FORMAT, tarfile.PAX_FORMAT])
+    def test_getmembers_big_size(self, format):
+        # gh-151981: A loop in seek() for streaming files tried to read the
+        # declared number of blocks even at EOF
+        tinfo = tarfile.TarInfo("huge-file")
+        tinfo.size = 1 << 64
+        bio = io.BytesIO()
+        # Write header without data
+        bio.write(tinfo.tobuf(format))
+
+        # Reset & try to get contents
+        bio.seek(0)
+        with tarfile.open(fileobj=bio, mode="r|") as tar:
+            with self.assertRaises(tarfile.ReadError):
+                tar.getmembers()
+
  
  class OverwriteTests(archiver_tests.OverwriteTests, unittest.TestCase):
      testdir = os.path.join(TEMPDIR, "testoverwrite")
diff --git a/Misc/NEWS.d/next/Security/2026-06-23-13-28-16.gh-issue-151981.xBHEcU.rst b/Misc/NEWS.d/next/Security/2026-06-23-13-28-16.gh-issue-151981.xBHEcU.rst

new file mode 100644 (file)

index 0000000..2123ab8
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2026-06-23-13-28-16.gh-issue-151981.xBHEcU.rst
@@ -0,0 +1,2 @@
+In :mod:`tarfile`, seeking a stream now stops when end of the stream is
+reached.
author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
	Tue, 23 Jun 2026 13:46:18 +0000 (15:46 +0200)
committer	GitHub <noreply@github.com>
	Tue, 23 Jun 2026 13:46:18 +0000 (14:46 +0100)
Lib/tarfile.py		patch \| blob \| blame \| history
Lib/test/test_tarfile.py		patch \| blob \| blame \| history
Misc/NEWS.d/next/Security/2026-06-23-13-28-16.gh-issue-151981.xBHEcU.rst	[new file with mode: 0644]	patch \| blob