search

smihica / pyminizip

To create a password encrypted zip file in python.
Other
106 stars 36 forks source link

compress_multiple is crashing with zlib 1.3.* #53

Open talzich opened 4 months ago

talzich commented 4 months ago

When running the compress_multiple function with zlib 1.3.* it crashes, even when runningnwith the same parameters and on the same machine as before, but simply updating zlib.

kgal-pan commented 4 months ago

Can reproduce this quite easily:

docker run --rm -it demisto/py3-tools:1.0.0.91908 sh

\# touch /tmp/file_1
\# touch /tmp/file_2
\# python
Python 3.10.14 (main, Mar 25 2024, 22:10:56) [GCC 13.2.1 20231014] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import zlib
>>> zlib.ZLIB_VERSION
'1.3.1'
>>> import pyminizip
>>> pyminizip.compress_multiple(["file_1", "txt"], ["/tmp", "/tmp"], "/tmp/out.zip", "1234", 5)
Segmentation fault

When I try to get the stacktrace using gdb, I get an I/O error:

> cat /tmp/r.py
import sys

def trace_func(frame, event, arg):
    """
    A sample trace function to be used with sys.settrace().

    Args:
    - frame: current frame object
    - event: type of event ('call', 'line', 'return', 'exception', 'c_call', 'c_return', 'c_exception')
    - arg: event-specific value (e.g., function name for 'call' event)

    Returns:
    - trace_func: the trace function itself
    """

    # Print the event and the current line being executed
    print(f"Event: {event}, Line: {frame.f_lineno}, Function: {frame.f_code.co_name}, File: {frame.f_code.co_filename}")

    # Returning the trace function to continue tracing
    return trace_func

sys.settrace(trace_func)

import pyminizip
pyminizip.compress_multiple(["file_1", "txt"], ["/tmp", "/tmp"], "/tmp/out.zip", "1234", 5)
> gdb python

> (gdb) file /usr/local/lib/python3.10/site-packages/pyminizip.cpython-310-x86_64-linux-gnu.so
Reading symbols from /usr/local/lib/python3.10/site-packages/pyminizip.cpython-310-x86_64-linux-gnu.so...

> (gdb) run /tmp/r.py
Starting program: /usr/local/bin/python /tmp/r.py
warning: linux_ptrace_test_ret_to_nx: Cannot PTRACE_GETREGS: I/O error
warning: linux_ptrace_test_ret_to_nx: PC 0x7ffffed3e844 is neither near return address 0x7ffffe71f000 nor is the return instruction 0x5555558f6291!
Couldn't get CS register: I/O error.
> (gdb) backtrace
Python Exception <class 'gdb.error'>: Couldn't get registers: I/O error.
Couldn't get registers: I/O error.

I'm pretty sure I'm getting the I/O error because i'm running this binary on an Apple Silicon CPU (https://github.com/docker/for-mac/issues/6921).

When running on host machine (Apple M3 Pro, 14.4.1 (23E224)), we can see the call causing the OSError is coming coming from codecs module, decode function:

❯ brew info zlib
==> zlib: stable 1.3.1 (bottled), HEAD [keg-only]

❯ python /tmp/r.py

Event: call, Line: 1022, Function: _find_and_load, File: <frozen importlib._bootstrap>
Event: line, Line: 1024, Function: _find_and_load, File: <frozen importlib._bootstrap>
Event: call, Line: 165, Function: __init__, File: <frozen importlib._bootstrap>
...
Event: return, Line: 325, Function: decode, File: ~/.pyenv/versions/3.10.13/lib/python3.10/codecs.py
    pyminizip.compress_multiple(["file_1", "txt"], ["/tmp", "/tmp"], "/tmp/out.zip", "1234", 5)
OSError: error in opening file_1 for reading
kgal-pan commented 4 months ago

Issue https://github.com/smihica/pyminizip/issues/33 seems to be the same