From: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> Date: Tue, 19 May 2026 20:38:47 +0000 (+0200) Subject: [3.15] gh-149945: Fix potential OOM for gzip with large header (GH-149979) (GH-150093) X-Git-Tag: v3.15.0b2~122 X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=3227857de8ad895fdef7c3d18a9e031f29980029;p=thirdparty%2FPython%2Fcpython.git [3.15] gh-149945: Fix potential OOM for gzip with large header (GH-149979) (GH-150093) Do not read the whole filename and comment to memory for calculating the CRC. (cherry picked from commit 51a5715df9c56f616944cf1b39323bd6ae009143) Co-authored-by: Serhiy Storchaka
---
diff --git a/Lib/gzip.py b/Lib/gzip.py
index a89ebf806c85..1e05f43c0c9e 100644
--- a/Lib/gzip.py
+++ b/Lib/gzip.py
@@ -484,14 +484,22 @@ def _read_exact(fp, n):
 return data
-def _read_until_null(fp, append_to):
+def _read_until_null(fp, crc=None):
 '''Read until the first encountered null byte in fp.
- Append to given byte array object'''
- while True:
- s = fp.read(1)
- append_to += s
- if not s or s == b'\000':
- break
+ If crc is not None, update and return the CRC.
+ '''
+ if crc is None:
+ while True:
+ s = fp.read(1)
+ if not s or s == b'\000':
+ break
+ else:
+ while True:
+ s = fp.read(1)
+ crc = zlib.crc32(s, crc)
+ if not s or s == b'\000':
+ break
+ return crc
 def _read_gzip_header(fp):
@@ -517,30 +525,32 @@ def _read_gzip_header(fp):
 return last_mtime
 if flag == FNAME:
 # Read and discard a null-terminated string containing the filename
- while True:
- s = fp.read(1)
- if not s or s==b'\000':
- break
+ _read_until_null(fp)
 return last_mtime
 # Processing for more complex flags. Save header parts for FHCRC checking.
- header = bytearray(magic + base_header)
+ if flag & FHCRC:
+ crc = zlib.crc32(magic + base_header)
+ else:
+ crc = None
 if flag & FEXTRA:
 extra_len_bytes = _read_exact(fp, 2)
 extra_len, = struct.unpack("
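Review bot: Both loops in `_read_until_null` leave on `if not s or s == b'\000':`, so end-of-file inside the filename or comment field is handled exactly like the terminating null byte and the function returns normally on a truncated header. The commit bounds the memory used for these fields but keeps that behaviour, which also existed in the removed code. Consider testing the two cases separately, for example `if not s: raise EOFError("gzip header ended before the null terminator")` ahead of the `s == b'\000'` test, provided the callers (only partly visible in this diff) can accept an exception at this point. The docstring could also say that the terminating null byte is included in the CRC and that `None` is returned when `crc` is `None`.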