From: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Date: Sat, 27 Jun 2026 17:32:34 +0000 (+0200)
Subject: [3.10] gh-151981: Make tarfile._Stream.seek break at EOF (GH-151982) (#151996)
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eb63c0f94dfcbea7fda8eab6213818e134d67192;p=thirdparty%2FPython%2Fcpython.git

[3.10] gh-151981: Make tarfile._Stream.seek break at EOF (GH-151982) (#151996)

gh-151981: Make tarfile._Stream.seek break at EOF (GH-151982)
(cherry picked from commit f50bf13566189c8d0ce5a814f33eff3d89951896)

Co-authored-by: Petr Viktorin <encukou@gmail.com>
Co-authored-by: Stan Ulbrych <stan@python.org>
---

diff --git a/Lib/tarfile.py b/Lib/tarfile.py
index 409d58fd9046..6e18c5045f18 100755
--- a/Lib/tarfile.py
+++ b/Lib/tarfile.py
@@ -514,7 +514,9 @@ class _Stream:
         if pos - self.pos >= 0:
             blocks, remainder = divmod(pos - self.pos, self.bufsize)
             for i in range(blocks):
-                self.read(self.bufsize)
+                data = self.read(self.bufsize)
+                if not data:
+                    break
             self.read(remainder)
         else:
             raise StreamError("seeking backwards is not allowed")
diff --git a/Lib/test/test_tarfile.py b/Lib/test/test_tarfile.py
index 65b70aad4451..9c5a9a72c738 100644
--- a/Lib/test/test_tarfile.py
+++ b/Lib/test/test_tarfile.py
@@ -4292,6 +4292,22 @@ class TestExtractionFilters(unittest.TestCase):
         with self.check_context(arc.open(errorlevel='boo!'), filtererror_filter):
             self.expect_exception(TypeError)  # errorlevel is not int
 
+    @support.subTests('format', [tarfile.GNU_FORMAT, tarfile.PAX_FORMAT])
+    def test_getmembers_big_size(self, format):
+        # gh-151981: A loop in seek() for streaming files tried to read the
+        # declared number of blocks even at EOF
+        tinfo = tarfile.TarInfo("huge-file")
+        tinfo.size = 1 << 64
+        bio = io.BytesIO()
+        # Write header without data
+        bio.write(tinfo.tobuf(format))
+
+        # Reset & try to get contents
+        bio.seek(0)
+        with tarfile.open(fileobj=bio, mode="r|") as tar:
+            with self.assertRaises(tarfile.ReadError):
+                tar.getmembers()
+
 
 class OffsetValidationTests(unittest.TestCase):
     tarname = tmpname
diff --git a/Misc/NEWS.d/next/Security/2026-06-23-13-28-16.gh-issue-151981.xBHEcU.rst b/Misc/NEWS.d/next/Security/2026-06-23-13-28-16.gh-issue-151981.xBHEcU.rst
new file mode 100644
index 000000000000..2123ab8e081b
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2026-06-23-13-28-16.gh-issue-151981.xBHEcU.rst
@@ -0,0 +1,2 @@
+In :mod:`tarfile`, seeking a stream now stops when end of the stream is
+reached.