Greg's review notes and news entry

Author: StanFromIreland

Lib/test/test_bz2.py

@@ -1041,6 +1041,9 @@ def test_decompress_after_data_error(self):
         bzd = BZ2Decompressor()
         with self.assertRaisesRegex(OSError, "Invalid data stream"):
             bzd.decompress(data)
+        # Previously, a second call could crash due to internal inconsistency
+        self.assertFalse(bzd.needs_input)
+        self.assertFalse(bzd.eof)
         with self.assertRaisesRegex(OSError, "Invalid data stream"):
             bzd.decompress(b'\x00' * 18)
 

Misc/NEWS.d/next/Security/2026-05-30-09-36-20.gh-issue-150599.nlHqU-.rst

@@ -0,0 +1,3 @@
+Fix a possible stack buffer overflow in :mod:`bz2` when a
+:class:`bz2.BZ2Decompressor` is reused after a decompression error.
+The decompressor now becomes unusable after libbz2 reports an error.

Modules/_bz2module.c

@@ -615,6 +615,7 @@ _bz2_BZ2Decompressor_decompress_impl(BZ2Decompressor *self, Py_buffer *data,
         PyErr_SetString(PyExc_EOFError, "End of stream already reached");
     }
     else if (self->bzerror) {
+        // Re-entering BZ2_bzDecompress() after an error can write out of bounds.
         catch_bz2_error(self->bzerror);
     }
     else {