Bug report
Bug description:
(This was found by Gemini, orchestrated by Dirk Mueller at SUSE)
For GHSA-pg25-7cx5-cvcm the "next_in" pointers were reset to NULL. However if the decompressor is reused, the "avail_in_real" counter should also be reset to "0" at this time, as if its reused again, next_in and avail_in_real might not be in sync again.
This affects
Modules/_bz2module.c
Modules/_lzmamodule.c
Modules/zlibmodule.c
For bz2, everywhere where next_in is set to NULL, avail_in_real also needs to be set to 0.
++ bzs->next_in = NULL;
should also set
bzs->avail_in_real = 0;
similar for the others.
This is largely hardening. It is not clear if these use cases exist.
CPython versions tested on:
CPython main branch
Operating systems tested on:
Linux
Bug report
Bug description:
(This was found by Gemini, orchestrated by Dirk Mueller at SUSE)
For GHSA-pg25-7cx5-cvcm the "next_in" pointers were reset to NULL. However if the decompressor is reused, the "avail_in_real" counter should also be reset to "0" at this time, as if its reused again, next_in and avail_in_real might not be in sync again.
This affects
For bz2, everywhere where next_in is set to NULL, avail_in_real also needs to be set to 0.
similar for the others.
This is largely hardening. It is not clear if these use cases exist.
CPython versions tested on:
CPython main branch
Operating systems tested on:
Linux