[3.11] gh-103861: Fix Zip64 extensions not being properly applied in some cases (GH-103863) #104534
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ed in some cases (pythonGH-103863) Fix Zip64 extensions not being properly applied in some cases: Fixes an issue where adding a small file to a `ZipFile` object while forcing zip64 extensions causes an extra Zip64 record to be added to the zip, but doesn't update the `min_version` or file sizes in the primary central directory header. Also fixed an edge case in checking if zip64 extensions are required: This fixes an issue where if data requiring zip64 extensions was added to an unseekable stream without specifying `force_zip64=True`, zip64 extensions would not be used and a RuntimeError would not be raised when closing the file (even though the size would be known at that point). This would result in successfully writing corrupt zip files. Deciding if zip64 extensions are required outside of the `FileHeader` function means that both `FileHeader` and `_ZipWriteFile` will always be in sync. Previously, the `FileHeader` function could enable zip64 extensions without propagating that decision to the `_ZipWriteFile` class, which would then not correctly write the data descriptor record or check for errors on close. If anyone is actually using `ZipInfo.FileHeader` as a public API without explicitly passing True or False in for zip64, their own code may still be susceptible to that kind of bug unless they make a similar change to where the zip64 decision happens. Fixes pythonGH-103861 --------- Co-authored-by: Gregory P. Smith <greg@krypto.org>. (cherry picked from commit 798bcaa) Co-authored-by: Carey Metcalfe <carey@cmetcalfe.ca>
gpshead
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fix Zip64 extensions not being properly applied in some cases:
Fixes an issue where adding a small file to a
ZipFileobject while forcing zip64 extensions causes an extra Zip64 record to be added to the zip, but doesn't update themin_versionor file sizes in the primary central directory header.Also fixed an edge case in checking if zip64 extensions are required:
This fixes an issue where if data requiring zip64 extensions was added to an unseekable stream without specifying
force_zip64=True, zip64 extensions would not be used and a RuntimeError would not be raised when closing the file (even though the size would be known at that point). This would result in successfully writing corrupt zip files.Deciding if zip64 extensions are required outside of the
FileHeaderfunction means that bothFileHeaderand_ZipWriteFilewill always be in sync. Previously, theFileHeaderfunction could enable zip64 extensions without propagating that decision to the_ZipWriteFileclass, which would then not correctly write the data descriptor record or check for errors on close.If anyone is actually using
ZipInfo.FileHeaderas a public API without explicitly passing True or False in for zip64, their own code may still be susceptible to that kind of bug unless they make a similar change to where the zip64 decision happens.Fixes GH-103861
(cherry picked from commit 798bcaa)