[GR-35700] Read GZip header before decompression

PullRequest: graalpython/2080

Author: qunaibit

graalpython/com.oracle.graal.python/src/com/oracle/graal/python/builtins/modules/zlib/ZLibCompObject.java

@@ -43,16 +43,22 @@
 import static com.oracle.graal.python.builtins.PythonBuiltinClassType.ZlibCompress;
 import static com.oracle.graal.python.builtins.PythonBuiltinClassType.ZlibDecompress;
 import static com.oracle.graal.python.builtins.modules.zlib.ZLibModuleBuiltins.MAX_WBITS;
+import static com.oracle.graal.python.builtins.objects.bytes.BytesUtils.mask;
+import static com.oracle.graal.python.runtime.exception.PythonErrorType.ZLibError;
 
+import java.util.zip.CRC32;
 import java.util.zip.DataFormatException;
 import java.util.zip.Deflater;
 import java.util.zip.Inflater;
 
 import com.oracle.graal.python.builtins.objects.bytes.PBytes;
 import com.oracle.graal.python.builtins.objects.object.PythonBuiltinObject;
+import com.oracle.graal.python.nodes.PRaiseNode;
 import com.oracle.graal.python.runtime.NFIZlibSupport;
 import com.oracle.graal.python.runtime.object.PythonObjectFactory;
+import com.oracle.graal.python.util.PythonUtils;
 import com.oracle.truffle.api.CompilerDirectives.TruffleBoundary;
+import com.oracle.truffle.api.nodes.Node;
 import com.oracle.truffle.api.object.Shape;
 
 public abstract class ZLibCompObject extends PythonBuiltinObject {
@@ -109,6 +115,7 @@ protected static class JavaZlibCompObject extends ZLibCompObject {
 
         private byte[] inputData; // helper for copy operation
         private boolean canCopy; // to assist if copying is allowed
+        private boolean readHeader;
 
         public JavaZlibCompObject(Object cls, Shape instanceShape, Object stream, int level, int wbits, int strategy, byte[] zdict) {
             super(cls, instanceShape);
@@ -119,6 +126,7 @@ public JavaZlibCompObject(Object cls, Shape instanceShape, Object stream, int le
             this.strategy = strategy;
             this.inputData = null;
             this.canCopy = true;
+            this.readHeader = wbits >= 25 && wbits <= 31;
         }
 
         public JavaZlibCompObject(Object cls, Shape instanceShape, Object stream, int wbits, byte[] zdict) {
@@ -146,11 +154,17 @@ public void setDeflaterInput(byte[] data) {
         }
 
         @TruffleBoundary
-        public void setInflaterInput(byte[] data) {
+        public void setInflaterInput(byte[] data, Node node) {
             assert stream instanceof Inflater;
+            byte[] bytes = data;
+            if (readHeader) {
+                readHeader = false;
+                int h = gzipHeader(data, node);
+                bytes = PythonUtils.arrayCopyOfRange(bytes, h, data.length - h);
+            }
             canCopy = inputData == null;
-            inputData = data;
-            ((Inflater) stream).setInput(data);
+            inputData = bytes;
+            ((Inflater) stream).setInput(bytes);
         }
 
         @TruffleBoundary
@@ -172,7 +186,7 @@ public ZLibCompObject copyCompressObj(PythonObjectFactory factory) {
         }
 
         @TruffleBoundary
-        public ZLibCompObject copyDecompressObj(PythonObjectFactory factory) {
+        public ZLibCompObject copyDecompressObj(PythonObjectFactory factory, Node node) {
             assert canCopy;
             boolean isRAW = wbits < 0;
             Inflater inflater = new Inflater(isRAW || wbits > (MAX_WBITS + 9));
@@ -182,7 +196,7 @@ public ZLibCompObject copyDecompressObj(PythonObjectFactory factory) {
             ZLibCompObject obj = factory.createJavaZLibCompObject(ZlibDecompress, inflater, wbits, zdict);
             if (inputData != null) {
                 try {
-                    ((JavaZlibCompObject) obj).setInflaterInput(inputData);
+                    ((JavaZlibCompObject) obj).setInflaterInput(inputData, node);
                     inflater.setInput(inputData);
                     int n = inflater.inflate(new byte[ZLibModuleBuiltins.DEF_BUF_SIZE]);
                     if (!isRAW && n == 0 && inflater.needsDictionary() && zdict.length > 0) {
@@ -197,6 +211,74 @@ public ZLibCompObject copyDecompressObj(PythonObjectFactory factory) {
             obj.setUnusedData(getUnusedData());
             return obj;
         }
+
+        public static final int GZIP_MAGIC = 0x8b1f;
+        private static final int FHCRC = 2;    // Header CRC
+        private static final int FEXTRA = 4;    // Extra field
+        private static final int FNAME = 8;    // File name
+        private static final int FCOMMENT = 16;   // File comment
+
+        private static int getValue(byte b, CRC32 crc) {
+            int v = mask(b);
+            crc.update(v);
+            return v;
+        }
+
+        private static int readShort(byte[] bytes, int off, CRC32 crc) {
+            return getValue(bytes[off + 1], crc) << 8 | getValue(bytes[off], crc);
+        }
+
+        // logic is from GZIPInputStream.readHeader()
+        @TruffleBoundary
+        private static int gzipHeader(byte[] bytes, Node node) {
+            CRC32 crc = new CRC32();
+            int idx = 0;
+            // Check header magic
+            if (readShort(bytes, idx, crc) != GZIP_MAGIC) {
+                throw PRaiseNode.raiseUncached(node, ZLibError, "Not in GZIP format");
+            }
+            idx += 2;
+            // Check compression method
+            if (getValue(bytes[idx++], crc) != 8) {
+                throw PRaiseNode.raiseUncached(node, ZLibError, "Unsupported compression method");
+            }
+            // Read flags
+            int flg = getValue(bytes[idx++], crc);
+            // Skip MTIME, XFL, and OS fields
+            idx += 6;
+            int n = 2 + 2 + 6;
+            // Skip optional extra field
+            if ((flg & FEXTRA) == FEXTRA) {
+                int m = getValue(bytes[idx++], crc);
+                idx += m;
+                n += m + 2;
+            }
+            // Skip optional file name
+            if ((flg & FNAME) == FNAME) {
+                do {
+                    n++;
+                } while (getValue(bytes[idx++], crc) != 0);
+            }
+            // Skip optional file comment
+            if ((flg & FCOMMENT) == FCOMMENT) {
+                do {
+                    n++;
+                } while (getValue(bytes[idx++], crc) != 0);
+            }
+            // Check optional header CRC
+            crc.reset();
+            if ((flg & FHCRC) == FHCRC) {
+                int v = (int) crc.getValue() & 0xffff;
+                if (readShort(bytes, idx, crc) != v) {
+                    throw PRaiseNode.raiseUncached(node, ZLibError, "Corrupt GZIP header");
+                }
+                idx += 2;
+                n += 2;
+            }
+            crc.reset();
+            return idx;
+        }
+
     }
 
     public boolean isInitialized() {

graalpython/com.oracle.graal.python/src/com/oracle/graal/python/builtins/modules/zlib/ZlibDecompressBuiltins.java

@@ -151,7 +151,7 @@ abstract static class BaseCopyNode extends PNodeWithContext {
         public abstract Object execute(ZLibCompObject self, PythonContext ctxt, PythonObjectFactory factory);
 
         @Specialization(guards = "self.isInitialized()")
-        Object doNative(ZLibCompObject.NativeZlibCompObject self, PythonContext ctxt, PythonObjectFactory factory,
+        static Object doNative(ZLibCompObject.NativeZlibCompObject self, PythonContext ctxt, PythonObjectFactory factory,
                         @Cached NativeLibrary.InvokeNativeFunction createCompObject,
                         @Cached NativeLibrary.InvokeNativeFunction decompressObjCopy,
                         @Cached NativeLibrary.InvokeNativeFunction deallocateStream,
@@ -173,19 +173,19 @@ Object doNative(ZLibCompObject.NativeZlibCompObject self, PythonContext ctxt, Py
 
         @Specialization(guards = {"self.isInitialized()", "self.canCopy()"})
         Object doJava(ZLibCompObject.JavaZlibCompObject self, @SuppressWarnings("unused") PythonContext ctxt, PythonObjectFactory factory) {
-            return self.copyDecompressObj(factory);
+            return self.copyDecompressObj(factory, this);
         }
 
         @SuppressWarnings("unused")
         @Specialization(guards = {"self.isInitialized()", "!self.canCopy()"})
-        PNone error(ZLibCompObject.JavaZlibCompObject self, PythonContext ctxt, PythonObjectFactory factory,
+        static PNone error(ZLibCompObject.JavaZlibCompObject self, PythonContext ctxt, PythonObjectFactory factory,
                         @Cached.Shared("r") @Cached PRaiseNode raise) {
             throw raise.raise(NotImplementedError, "JDK based zlib doesn't support copying");
         }
 
         @SuppressWarnings("unused")
         @Specialization(guards = "!self.isInitialized()")
-        PNone error(ZLibCompObject self, PythonContext ctxt, PythonObjectFactory factory,
+        static PNone error(ZLibCompObject self, PythonContext ctxt, PythonObjectFactory factory,
                         @Cached.Shared("r") @Cached PRaiseNode raise) {
             throw raise.raise(ValueError, INCONSISTENT_STREAM_STATE);
         }
@@ -291,12 +291,12 @@ PBytes doit(ZLibCompObject.NativeZlibCompObject self,
         }
 
         @Specialization(guards = "!self.isInitialized()")
-        PBytes doeof(ZLibCompObject.NativeZlibCompObject self) {
+        static PBytes doeof(ZLibCompObject.NativeZlibCompObject self) {
             return self.getUnusedData();
         }
 
         @Specialization
-        PBytes doit(ZLibCompObject.JavaZlibCompObject self) {
+        static PBytes doit(ZLibCompObject.JavaZlibCompObject self) {
             return self.getUnusedData();
         }
     }
@@ -314,12 +314,12 @@ PBytes doit(ZLibCompObject.NativeZlibCompObject self,
         }
 
         @Specialization(guards = "!self.isInitialized()")
-        PBytes doeof(ZLibCompObject.NativeZlibCompObject self) {
+        static PBytes doeof(ZLibCompObject.NativeZlibCompObject self) {
             return self.getUnconsumedTail();
         }
 
         @Specialization
-        PBytes doit(ZLibCompObject.JavaZlibCompObject self) {
+        static PBytes doit(ZLibCompObject.JavaZlibCompObject self) {
             return self.getUnconsumedTail();
         }
     }
@@ -328,7 +328,7 @@ PBytes doit(ZLibCompObject.JavaZlibCompObject self) {
     @GenerateNodeFactory
     abstract static class EOFNode extends PythonUnaryBuiltinNode {
         @Specialization(guards = "self.isEof() || !self.isInitialized()")
-        boolean doit(ZLibCompObject.NativeZlibCompObject self) {
+        static boolean doit(ZLibCompObject.NativeZlibCompObject self) {
             return self.isEof();
         }
 
@@ -344,7 +344,7 @@ boolean getit(ZLibCompObject.NativeZlibCompObject self,
         }
 
         @Specialization
-        boolean doit(ZLibCompObject.JavaZlibCompObject self) {
+        static boolean doit(ZLibCompObject.JavaZlibCompObject self) {
             return self.isEof();
         }
     }

graalpython/com.oracle.graal.python/src/com/oracle/graal/python/builtins/modules/zlib/ZlibNodes.java

@@ -85,6 +85,7 @@
 import com.oracle.graal.python.util.OverflowException;
 import com.oracle.graal.python.util.PythonUtils;
 import com.oracle.truffle.api.CompilerDirectives;
+import com.oracle.truffle.api.CompilerDirectives.TruffleBoundary;
 import com.oracle.truffle.api.dsl.Cached;
 import com.oracle.truffle.api.dsl.Cached.Shared;
 import com.oracle.truffle.api.dsl.Fallback;
@@ -508,7 +509,7 @@ abstract static class JavaCompressNode extends PNodeWithContext {
 
         public abstract PBytes execute(ZLibCompObject.JavaZlibCompObject self, int mode, PythonObjectFactory factory);
 
-        @CompilerDirectives.TruffleBoundary
+        @TruffleBoundary
         @Specialization
         PBytes doit(ZLibCompObject.JavaZlibCompObject self, int mode, PythonObjectFactory factory) {
             byte[] result = new byte[DEF_BUF_SIZE];
@@ -538,7 +539,7 @@ abstract static class JavaDecompressNode extends PNodeWithContext {
 
         public abstract byte[] execute(ZLibCompObject.JavaZlibCompObject self, Object data, int maxLength, int bufSize, PythonObjectFactory factory);
 
-        @CompilerDirectives.TruffleBoundary
+        @TruffleBoundary
         @Specialization
         byte[] doit(ZLibCompObject.JavaZlibCompObject self, byte[] bytes, int maxLength, int bufSize, PythonObjectFactory factory,
                         @Cached PRaiseNode raise,
@@ -549,7 +550,7 @@ byte[] doit(ZLibCompObject.JavaZlibCompObject self, byte[] bytes, int maxLength,
             boolean zdictIsSet = false;
 
             Inflater inflater = (Inflater) self.stream;
-            self.setInflaterInput(bytes);
+            self.setInflaterInput(bytes, raise);
 
             int bytesWritten = result.length;
             ByteArrayOutputStream baos = new ByteArrayOutputStream();
@@ -579,7 +580,7 @@ byte[] doit(ZLibCompObject.JavaZlibCompObject self, byte[] bytes, int maxLength,
             return baos.toByteArray();
         }
 
-        @CompilerDirectives.TruffleBoundary
+        @TruffleBoundary
         private static void saveUnconsumedInput(ZLibCompObject.JavaZlibCompObject self, byte[] data,
                         byte[] unusedDataBytes, int unconsumedTailLen, PythonObjectFactory factory) {
             Inflater inflater = (Inflater) self.stream;
@@ -602,17 +603,17 @@ private static void saveUnconsumedInput(ZLibCompObject.JavaZlibCompObject self,
             }
         }
 
-        @CompilerDirectives.TruffleBoundary
+        @TruffleBoundary
         public static boolean needsInput(Inflater inflater) {
             return inflater.needsInput();
         }
 
-        @CompilerDirectives.TruffleBoundary
+        @TruffleBoundary
         public static int getRemaining(Inflater inflater) {
             return inflater.getRemaining();
         }
 
-        @CompilerDirectives.TruffleBoundary
+        @TruffleBoundary
         public static int getBytesRead(Inflater inflater) {
             try {
                 return PInt.intValueExact(inflater.getBytesRead());
@@ -621,7 +622,7 @@ public static int getBytesRead(Inflater inflater) {
             }
         }
 
-        @CompilerDirectives.TruffleBoundary
+        @TruffleBoundary
         public static boolean isFinished(Inflater inflater) {
             return inflater.finished();
         }