homepage

The call ends with:
Objects/stringobject.c:3884: bad argument to internal function
sys.version:
'2.7.2 (default, Jun 13 2011, 15:14:50) \n[GCC 4.4.5]'
(on 64bit Linux)

I can't reproduce this. Can you please provide a test script along with input data that allows us to reproduce this error?

Wow! Quick follow-up.
 
The data file is about 1.6Gb. Is there a preferred way to pass it on (I suspect that the bug tracker is not the preferred way).
The code goes like:
import bz2
f = file("foobar.bz2", mode="rb")
src_buf = f.read()
decomp = bz2.BZ2Decompressor()
tmp = decomp.decompress(src_buf)

I have been able to reproduce it; see attached script. It happens for
inputs of 2GB (decompressed), but not for ones of 1GB.
It seems that bz2module.c doesn't guard against 32-bit overflows when
handling the size of the decompressed data. This affects both the
BZ2Decompressor object's decompress() method, and the module-level
decompress() function. All python versions prior to 3.3 are affected.

(the contents of the input file don't matter; I just pulled out a
bunch of zeros from /dev/zero and compressed them with bzip2.)

This should be fixed for 2.7.3. I'll have a patch ready in the next day
or two.

This isn't a regression, is it? If it's not, I don't think it's essential to get into 2.7.3.

No, it's been around since at least 2.6. I wasn't really sure what the
protocol was for bugs found during the RC process. It'd be nice to get
a fix for this into 2.7.3 (and 3.2.3), but it's not urgent.

Nadeem: the final release candidate of 2.7.3 was already made. Any further change would require another release candidate, which in turn would delay the release further. This has to wait for 2.7.4.

That's fine by me, then. Sorry for the confusion.

New changeset ebb8c7d79f52 by Nadeem Vawda in branch '3.2':
Issue #14398: Fix size truncation and overflow bugs in bz2 module.
http://hg.python.org/cpython/rev/ebb8c7d79f52
New changeset 25fdf297c077 by Nadeem Vawda in branch '3.3':
Merge #14398: Fix size truncation and overflow bugs in bz2 module.
http://hg.python.org/cpython/rev/25fdf297c077
New changeset d6bf506ea13f by Nadeem Vawda in branch 'default':
Merge #14398: Fix size truncation and overflow bugs in bz2 module.
http://hg.python.org/cpython/rev/d6bf506ea13f 

What about 2.7?

I'm working on it now. Will push in the next 15 minutes or so.

New changeset f03a335621ce by Nadeem Vawda in branch '2.7':
Issue #14398: Fix size truncation and overflow bugs in bz2 module.
http://hg.python.org/cpython/rev/f03a335621ce 

All fixed, along with some other similar but harder-to-trigger bugs.
Thanks for the bug report, Laurent!

Why does only 2.7 have tests?

An oversight on my part, I think. I'll add tests for 3.x this weekend.

Hmm, so actually most of the bugs fixed in 2.7 and 3.2 weren't present
in 3.3 and 3.4, and those versions already had tests equivalent to the
tests I added for 2.7/3.2.
As for the changes that I did make to 3.3/3.4:
- two of the three cover cases that only occur if the output data is
 larger than ~32GiB. Even if we have a buildbot with enough memory for
 it (which I don't think we do), actually running such tests would take
 forever and then some.
- the third is for a condition that's actually pretty much impossible to
 trigger - grow_buffer() has to be called on a buffer that is already at
 least 8*((size_t)-1)/9 bytes long. On a 64-bit system this is
 astronomically large, while on a 32-bit system the OS will probably
 have reserved more than 1/9th of the virtual address space for itself,
 so it won't be possible to allocate a large enough buffer.