gh-150599: Prevent bz2 decompressor reuse after errors

[StanFromIreland]

• Issue: Stack buffer overflow in bz2 when reusing BZ2Decompressor after error #150599

[serhiy-storchaka]

Why reraise the same error again and again? Why not close the decomressor, set eof and raise EOFError? Or set other flag and raise ValueError or RuntimeError?

[StanFromIreland]

Serhiy, FYI this is the fix for: https://github.com/python/cpython/security/advisories/GHSA-mv83-7xc2-cc7v

Why reraise the same error again and again? Why not close the decomressor, set eof and raise EOFError? Or set other flag and raise ValueError or RuntimeError?

Setting eof and raising EOFError would lie about the state as the stream did not finish cleanly. ValueError/RuntimeError would make the second call report a different kind of failure from the first call, even though the root cause is the same. I think re-raising the same exception is the most useful behaviour, it preserves the original failure reason.

[serhiy-storchaka]

You are not supposed to use decompressor after failure. Raising a ValueError or a RuntimeError with specific error message ("decompressor is dead, don't use it") will make it clear.

[StanFromIreland]

You are not supposed to use decompressor after failure. Raising a ValueError or a RuntimeError with specific error message ("decompressor is dead, don't use it") will make it clear.

It is clear, I'm still leaning towards providing the root cause being more helpful. Greg and Emma, what do you think is better here?

[serhiy-storchaka]

You already got the initial error first time. There is no precedence of keeping the original error and raising it on recurring requests.