Skip to content

tarfile leaks ValueError instead of InvalidHeaderError for a malformed GNU sparse pax number #153636

Description

@tonghuaroot

Bug description:

When a pax extended header carries a malformed GNU sparse number, tarfile parses it with a bare int() and lets the ValueError escape to the caller, unlike the GNU sparse 0.0 handler which reports such corruption as tarfile.InvalidHeaderError.

import tarfile
tarfile.TarInfo("x")._apply_pax_info(
    {"GNU.sparse.size": "x"}, "utf-8", "strict")   # ValueError

Reporting InvalidHeaderError makes the reader stop at the bad member like the 0.0 format does; a maintainer may prefer to raise instead, so the direction is open.

CPython versions tested on:

3.13, 3.14, 3.15

Operating systems tested on:

macOS

Linked PRs

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions