[3.13] gh-130577: tarfile now validates archives to ensure member offsets are non-negative (GH-137027) (#137170)

gh-130577: tarfile now validates archives to ensure member offsets are non-negative (GH-137027)
(cherry picked from commit 7040aa54f1)

Co-authored-by: Alexander Urieles <aeurielesn@users.noreply.github.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Miss Islington (bot) 2025-07-28 17:59:33 +02:00 committed by GitHub
parent 3f57d9be8b
commit cdae923ffe
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 162 additions and 0 deletions


@ -1636,6 +1636,9 @@ def _block(self, count):
"""Round up a byte count by BLOCKSIZE and return it,
e.g. _block(834) => 1024.
"""
# Only non-negative offsets are allowed
if count < 0:
raise InvalidHeaderError("invalid offset")
blocks, remainder = divmod(count, BLOCKSIZE)
if remainder:
blocks += 1
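
Review bot: The new `if count < 0` guard makes `_block` raise `InvalidHeaderError`, but the docstring above it still only says "Round up a byte count by BLOCKSIZE and return it"; add a sentence there stating that a negative count raises. The message "invalid offset" also does not match the parameter name `count`, and including the rejected value in the message would make a malformed archive easier to diagnose. Because the check sits in this rounding helper, it only covers values that are passed through `_block`, so it is worth confirming in the rest of the patch that every header-derived size used to advance the member offset goes through this function.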