bpo-45509: Check gzip headers for corrupted fields #29028
Conversation
rhpvorderman
changed the title
|
This PR is stale because it has been open for 30 days with no activity. |
Lib/gzip.py
Outdated
| @@ -430,29 +430,42 @@ def _read_gzip_header(fp): | |||
|
|
|||
| if magic != b'\037\213': | |||
| raise BadGzipFile('Not a gzipped file (%r)' % magic) | |||
|
|
|||
| (method, flag, last_mtime) = struct.unpack("<BBIxx", _read_exact(fp, 8)) | |||
| header_buffer = io.BytesIO() | |||
There was a problem hiding this comment.
Try to use a bytearray instead of io.BytesIO. Would it be faster? In what cases?
There was a problem hiding this comment.
Performance improvement was necessary (see bug report). So I made it better the following way:
- When the data is read from
fpa bytes object is created. Instead of passing it anonymously to the functions that performs the check it is saved as a local variable. - The FHCRC flag is checked and the result is saved as
fhcrc, so the check runs only once. - When
fhcrcis truthy, aheader_partslist is created. - Every time
fpis read andfhcrcis truthy the already created bytes objects are appended to theheader_partslist. List appending has a very low overhead. It simply expands an array of PyObject pointers. Pointers that we already have as the named bytes objects. - When the header should be checked, a
b"".join(header_parts)is called to recreate the header.
This means for the most common use cases (no flags or only FNAME set) that only a few extra truthy checks are performed. This comes at a very low cost of 3% (see the bug report for results).
This is worth it since it enables correct truncation checking for FNAME and FCOMMENT as well as enabling checking of the header CRC when FHCRC is set.
rhpvorderman
force-pushed
the
bpo-45509
branch
2 times, most recently
from
1f308a4 to
453ba11
Compare
|
@serhiy-storchaka Thank you for taking a look and thank you for your insights. I have updated the PR accordingly. It is much better now in terms of performance. |
rhpvorderman
force-pushed
the
bpo-45509
branch
from
453ba11 to
617e064
Compare
github-actions
bot
removed
the
stale
Call the bool method and cache the result for faster truth checking. Do not test for empty bytes but use "not magic" instead for faster truth checking.
|
I made a small tweek that shaves off another 2 microseconds
|
Those are: + Only FNAME set. (Created by gzip and python's GzipFile) + No flags set. (Created by gzip.compress and zlib.compress with wbits=31)
|
With further performance tweaks, reading the gzip header is now either faster or neutral compared to the most common flags (no flags, or only FNAME set). See bpo-45509 for more performance details. The performance tweaks are:
|
|
@serhiy-storchaka The PR is ready for re-review when you have the time. The performance issue has been addressed. |
|
All commit authors signed the Contributor License Agreement. |
Check whether the COMMENT, NAME and HCRC fields are correct.
EDIT: Additionally, slightly increase performance for header checking for headers produced by gzip.compress or zlib.compress.
https://bugs.python.org/issue45509