From: balmeida-nokia <83089745+balmeida-nokia@users.noreply.github.com>
Date: Mon, 21 Aug 2023 11:39:06 +0000 (+0100)
Subject: gh-107396: tarfiles: set self.exception before _init_read_gz() (GH-107485)
X-Git-Tag: v3.13.0a1~883
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=37135d25e269ede92bc7da363bebfa574782e59a;p=thirdparty%2FPython%2Fcpython.git

gh-107396: tarfiles: set self.exception before _init_read_gz() (GH-107485)


In the stack call of: _init_read_gz()
```
_read, tarfile.py:548
read, tarfile.py:526
_init_read_gz, tarfile.py:491
```
a try;except exists that uses `self.exception`, so it needs to be set before
calling _init_read_gz().
---

diff --git a/Lib/tarfile.py b/Lib/tarfile.py
index 1147d59d3d51..a835d00c90c9 100755
--- a/Lib/tarfile.py
+++ b/Lib/tarfile.py
@@ -372,8 +372,8 @@ class _Stream:
                 self.zlib = zlib
                 self.crc = zlib.crc32(b"")
                 if mode == "r":
-                    self._init_read_gz()
                     self.exception = zlib.error
+                    self._init_read_gz()
                 else:
                     self._init_write_gz(compresslevel)
 
diff --git a/Lib/test/test_tarfile.py b/Lib/test/test_tarfile.py
index 2cdf2c1fc2f2..0d6ca4315cfd 100644
--- a/Lib/test/test_tarfile.py
+++ b/Lib/test/test_tarfile.py
@@ -938,6 +938,23 @@ class LzmaDetectReadTest(LzmaTest, DetectReadTest):
     pass
 
 
+class GzipBrokenHeaderCorrectException(GzipTest, unittest.TestCase):
+    """
+    See: https://github.com/python/cpython/issues/107396
+    """
+    def runTest(self):
+        f = io.BytesIO(
+            b'\x1f\x8b'  # header
+            b'\x08'  # compression method
+            b'\x04'  # flags
+            b'\0\0\0\0\0\0'  # timestamp, compression data, OS ID
+            b'\0\x01'  # size
+            b'\0\0\0\0\0'  # corrupt data (zeros)
+        )
+        with self.assertRaises(tarfile.ReadError):
+            tarfile.open(fileobj=f, mode='r|gz')
+
+
 class MemberReadTest(ReadTest, unittest.TestCase):
 
     def _test_member(self, tarinfo, chksum=None, **kwargs):
diff --git a/Misc/NEWS.d/next/Library/2023-07-31-07-36-24.gh-issue-107396.3_Kh6D.rst b/Misc/NEWS.d/next/Library/2023-07-31-07-36-24.gh-issue-107396.3_Kh6D.rst
new file mode 100644
index 000000000000..73bff4bdbe02
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2023-07-31-07-36-24.gh-issue-107396.3_Kh6D.rst
@@ -0,0 +1 @@
+tarfiles; Fixed use before assignment of self.exception for gzip decompression