Writing a small file into a ZipFile while forcing zip64 extensions results in an incorrect zip file #103861
pR0Ps added a commit to pR0Ps/cpython that referenced this issue Apr 26, 2023
This commit fixes an issue where adding a small file to a `ZipFile` object while forcing zip64 extensions causes an extra Zip64 record to be added to the zip, but doesn't update the `min_version` or file sizes. Fixes python#103861
gpshead pushed a commit to gpshead/cpython that referenced this issue May 16, 2023
…ed in some cases (pythonGH-103863)
Fix Zip64 extensions not being properly applied in some cases:
Fixes an issue where adding a small file to a `ZipFile` object while forcing zip64 extensions causes an extra Zip64 record to be added to the zip, but doesn't update the `min_version` or file sizes in the primary central directory header.
Also fixed an edge case in checking if zip64 extensions are required:
This fixes an issue where if data requiring zip64 extensions was added to an unseekable stream without specifying `force_zip64=True`, zip64 extensions would not be used and a RuntimeError would not be raised when closing the file (even though the size would be known at that point). This would result in successfully writing corrupt zip files.
Deciding if zip64 extensions are required outside of the `FileHeader` function means that both `FileHeader` and `_ZipWriteFile` will always be in sync. Previously, the `FileHeader` function could enable zip64 extensions without propagating that decision to the `_ZipWriteFile` class, which would then not correctly write the data descriptor record or check for errors on close.
If anyone is actually using `ZipInfo.FileHeader` as a public API without explicitly passing True or False in for zip64, their own code may still be susceptible to that kind of bug unless they make a similar change to where the zip64 decision happens.
Fixes pythonGH-103861
---------
Co-authored-by: Gregory P. Smith <[email protected]>.
(cherry picked from commit 798bcaa)
Co-authored-by: Carey Metcalfe <[email protected]>
carljm added a commit to carljm/cpython that referenced this issue May 16, 2023
* main:
pythonGH-104510: Fix refleaks in `_io` base types (python#104516)
pythongh-104539: Fix indentation error in logging.config.rst (python#104545)
pythongh-104050: Don't star-import 'types' in Argument Clinic (python#104543)
pythongh-104050: Add basic typing to CConverter in clinic.py (python#104538)
pythongh-64595: Fix write file logic in Argument Clinic (python#104507)
pythongh-104523: Inline minimal PGO rules (python#104524)
pythongh-103861: Fix Zip64 extensions not being properly applied in some cases (python#103863)
pythongh-69152: add method get_proxy_response_headers to HTTPConnection class (python#104248)
pythongh-103763: Implement PEP 695 (python#103764)
pythongh-104461: Run tkinter test_configure_screen on X11 only (pythonGH-104462)
pythongh-104469: Convert _testcapi/watchers.c to use Argument Clinic (python#104503)
pythongh-104482: Fix error handling bugs in ast.c (python#104483)
pythongh-104341: Adjust tstate_must_exit() to Respect Interpreter Finalization (pythongh-104437)
pythonGH-102613: Fix recursion error from `pathlib.Path.glob()` (pythonGH-104373)
gpshead added a commit that referenced this issue May 17, 2023
…some cases (GH-103863) (#104534)
Fix Zip64 extensions not being properly applied in some cases:
Fixes an issue where adding a small file to a `ZipFile` object while forcing zip64 extensions causes an extra Zip64 record to be added to the zip, but doesn't update the `min_version` or file sizes in the primary central directory header.
Also fixed an edge case in checking if zip64 extensions are required:
This fixes an issue where if data requiring zip64 extensions was added to an unseekable stream without specifying `force_zip64=True`, zip64 extensions would not be used and a RuntimeError would not be raised when closing the file (even though the size would be known at that point). This would result in successfully writing corrupt zip files.
Deciding if zip64 extensions are required outside of the `FileHeader` function means that both `FileHeader` and `_ZipWriteFile` will always be in sync. Previously, the `FileHeader` function could enable zip64 extensions without propagating that decision to the `_ZipWriteFile` class, which would then not correctly write the data descriptor record or check for errors on close.
If anyone is actually using `ZipInfo.FileHeader` as a public API without explicitly passing True or False in for zip64, their own code may still be susceptible to that kind of bug unless they make a similar change to where the zip64 decision happens.
Fixes GH-103861
---------
(cherry picked from commit 798bcaa)
Co-authored-by: Carey Metcalfe <[email protected]>
Bug report
When forcing a small file to be added to a `zipfile.Zipfile` object with zip64 extensions when it doesn't need it, a Zip64 extra record is added to the resulting file, but the minimum version and filesize information are not updated to reflect this.
An example of this issue in the wild: pR0Ps/zipstream-ng#13
To reproduce:
Create the file:
Using zipdetails to parse information from the resulting file (red lines are incorrect):
In this case, the Extract Zip Spec should be `0x2D` (`zipfile.ZIP64_VERSION`) and the Compressed/Uncompressed Lengths should both be `0xFFFFFFFF` in order to defer to the lengths in the Zip64 record.
Your environment
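A check for the inconsistency this report describes, as an added example that is not part of the original issue or of the CPython fix: it walks the central directory headers (the header the fix commit names) and flags entries that carry a Zip64 extra record while the version needed is below `0x2D` or the 32-bit sizes are not `0xFFFFFFFF`. The function names, the sample archive bytes and the values 20 and 5 in it are constructed for illustration; it assumes a small archive with an ordinary end-of-central-directory record.

```python
import struct

CD_SIG, EOCD_SIG = b"PK\x01\x02", b"PK\x05\x06"
CD_FMT, EOCD_FMT = "<4s6H3L5H2L", "<4s4H2LH"
ZIP64_VERSION = 45        # 0x2D, the value of zipfile.ZIP64_VERSION
ZIP64_EXTRA_ID = 0x0001   # header ID of the Zip64 extended information record
SENTINEL = 0xFFFFFFFF     # 32-bit size value meaning "read the Zip64 record"

def has_zip64_extra(extra):
    """Walk the (id, length, payload) records of an extra field."""
    pos = 0
    while pos + 4 <= len(extra):
        rec_id, rec_len = struct.unpack_from("<2H", extra, pos)
        if rec_id == ZIP64_EXTRA_ID:
            return True
        pos += 4 + rec_len
    return False

def audit_central_directory(archive):
    """Return {name: [problems]} for entries whose Zip64 record the header ignores."""
    eocd = archive.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    _, _, _, _, count, _, pos, _ = struct.unpack_from(EOCD_FMT, archive, eocd)
    findings = {}
    for _ in range(count):
        f = struct.unpack_from(CD_FMT, archive, pos)
        if f[0] != CD_SIG:
            raise ValueError(f"bad central directory signature at offset {pos}")
        need, csize, usize, nlen, elen, clen = f[2], f[8], f[9], f[10], f[11], f[12]
        pos += struct.calcsize(CD_FMT)
        name = archive[pos:pos + nlen].decode("utf-8", "replace")
        extra = archive[pos + nlen:pos + nlen + elen]
        pos += nlen + elen + clen
        problems = []
        if has_zip64_extra(extra) and need < ZIP64_VERSION:
            problems.append(f"version needed {need} < {ZIP64_VERSION}")
        if has_zip64_extra(extra) and (csize != SENTINEL or usize != SENTINEL):
            problems.append("32-bit sizes do not defer to the Zip64 record")
        if problems:
            findings[name] = problems
    return findings

def sample_archive(need, csize, usize):
    """Constructed input: one central directory entry plus EOCD, no file data."""
    name, extra = b"a.txt", struct.pack("<2H2Q", ZIP64_EXTRA_ID, 16, 5, 5)
    entry = struct.pack(CD_FMT, CD_SIG, 45, need, 0, 0, 0, 0, 0, csize, usize,
                        len(name), len(extra), 0, 0, 0, 0, 0) + name + extra
    return entry + struct.pack(EOCD_FMT, EOCD_SIG, 0, 0, 1, 1, len(entry), 0, 0)
```

`audit_central_directory(sample_archive(20, 5, 5))` reports both problems for `a.txt`, while `sample_archive(45, 0xFFFFFFFF, 0xFFFFFFFF)` yields an empty result.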