path: root/meta-python/recipes-devtools/python/python3-aiohttp/CVE-2025-69229-1.patch
blob: 70feb03258b4b22de3e9106d87e6ebee321accd7 (plain)
From 9e03b5732805f3cf3c5c249761e2fb8ace2223d3 Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari <skandigraun@gmail.com>
Date: Sat, 3 Jan 2026 03:57:17 +0000
Subject: [PATCH 1/2] Use collections.deque for chunk splits (#11892) (#11912)

From: Sam Bull <git@sambull.org>

(cherry picked from commit 271532ea355c65480c8ecc14137dfbb72aec8f6f)

---------

Co-authored-by: Finder <nakamurajames123@gmail.com>

CVE: CVE-2025-69229
Upstream-Status: Backport [https://github.com/aio-libs/aiohttp/commit/dc3170b56904bdf814228fae70a5501a42a6c712]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 aiohttp/streams.py        |  8 ++++----
 tests/test_http_parser.py | 14 +++++++++-----
 2 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/aiohttp/streams.py b/aiohttp/streams.py
index 7a3f64d..108257e 100644
--- a/aiohttp/streams.py
+++ b/aiohttp/streams.py
@@ -148,7 +148,7 @@ class StreamReader(AsyncStreamReaderMixin):
         self._loop = loop
         self._size = 0
         self._cursor = 0
-        self._http_chunk_splits: Optional[List[int]] = None
+        self._http_chunk_splits: Optional[Deque[int]] = None
         self._buffer: Deque[bytes] = collections.deque()
         self._buffer_offset = 0
         self._eof = False
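Review bot: The annotation on `_http_chunk_splits` changes to `Optional[Deque[int]]` with no comment explaining why the container type matters, so a later cleanup could quietly turn it back into a list. I would add `# deque, not list: splits are consumed from the front and list.pop(0) is O(n) per call` above the assignment. `Deque` is already used for `_buffer` on the following line, so the name is in scope. Whether `List` is still needed in the module's typing import cannot be seen from this hunk and is worth checking. `__init__` starts and ends outside the hunk.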
@@ -295,7 +295,7 @@ class StreamReader(AsyncStreamReaderMixin):
                 raise RuntimeError(
                     "Called begin_http_chunk_receiving when some data was already fed"
                 )
-            self._http_chunk_splits = []
+            self._http_chunk_splits = collections.deque()
 
     def end_http_chunk_receiving(self) -> None:
         if self._http_chunk_splits is None:
@@ -454,7 +454,7 @@ class StreamReader(AsyncStreamReaderMixin):
                 raise self._exception
 
             while self._http_chunk_splits:
-                pos = self._http_chunk_splits.pop(0)
+                pos = self._http_chunk_splits.popleft()
                 if pos == self._cursor:
                     return (b"", True)
                 if pos > self._cursor:
@@ -527,7 +527,7 @@ class StreamReader(AsyncStreamReaderMixin):
         chunk_splits = self._http_chunk_splits
         # Prevent memory leak: drop useless chunk splits
         while chunk_splits and chunk_splits[0] < self._cursor:
-            chunk_splits.pop(0)
+            chunk_splits.popleft()
 
         if self._size < self._low_water and self._protocol._reading_paused:
             self._protocol.resume_reading()
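Review bot: The pruning loop under "Prevent memory leak" only runs on this read path, and the back-pressure check right below it is keyed on `self._size` (bytes), not on the number of entries in `chunk_splits`. Switching to `popleft()` makes draining linear, but nothing visible here limits how many split offsets accumulate between reads when a peer sends many very small chunks. The append site is outside this hunk, and the subject says `[PATCH 1/2]`, so a bound may arrive in the second patch; that should be confirmed before treating this backport as complete on its own. At minimum I would record the limitation next to the loop: `# NOTE: splits are pruned only on read; flow control below counts bytes, not len(chunk_splits)`. The enclosing method starts and ends outside the hunk.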
diff --git a/tests/test_http_parser.py b/tests/test_http_parser.py
index d4c1768..b9d917f 100644
--- a/tests/test_http_parser.py
+++ b/tests/test_http_parser.py
@@ -1223,7 +1223,8 @@ def test_http_request_chunked_payload(parser) -> None:
     parser.feed_data(b"4\r\ndata\r\n4\r\nline\r\n0\r\n\r\n")
 
     assert b"dataline" == b"".join(d for d in payload._buffer)
-    assert [4, 8] == payload._http_chunk_splits
+    assert payload._http_chunk_splits is not None
+    assert [4, 8] == list(payload._http_chunk_splits)
     assert payload.is_eof()
 
 
@@ -1238,7 +1239,8 @@ def test_http_request_chunked_payload_and_next_message(parser) -> None:
     )
 
     assert b"dataline" == b"".join(d for d in payload._buffer)
-    assert [4, 8] == payload._http_chunk_splits
+    assert payload._http_chunk_splits is not None
+    assert [4, 8] == list(payload._http_chunk_splits)
     assert payload.is_eof()
 
     assert len(messages) == 1
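Review bot: The test changes in this file only adapt the existing equality assertions to the new container (`list(payload._http_chunk_splits)`), here and in the other three hunks. Nothing visible exercises the case the fix is for. A regression test that feeds a body made of a large number of very small chunks, reads it back through the chunk-aware read path and asserts that `_http_chunk_splits` ends up empty would keep the front-pop cost from regressing. The upstream commit may carry such a test elsewhere, but none is part of this backport as shown.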
@@ -1262,12 +1264,13 @@ def test_http_request_chunked_payload_chunks(parser) -> None:
     parser.feed_data(b"test: test\r\n")
 
     assert b"dataline" == b"".join(d for d in payload._buffer)
-    assert [4, 8] == payload._http_chunk_splits
+    assert payload._http_chunk_splits is not None
+    assert [4, 8] == list(payload._http_chunk_splits)
     assert not payload.is_eof()
 
     parser.feed_data(b"\r\n")
     assert b"dataline" == b"".join(d for d in payload._buffer)
-    assert [4, 8] == payload._http_chunk_splits
+    assert [4, 8] == list(payload._http_chunk_splits)
     assert payload.is_eof()
 
 
@@ -1278,7 +1281,8 @@ def test_parse_chunked_payload_chunk_extension(parser) -> None:
     parser.feed_data(b"4;test\r\ndata\r\n4\r\nline\r\n0\r\ntest: test\r\n\r\n")
 
     assert b"dataline" == b"".join(d for d in payload._buffer)
-    assert [4, 8] == payload._http_chunk_splits
+    assert payload._http_chunk_splits is not None
+    assert [4, 8] == list(payload._http_chunk_splits)
     assert payload.is_eof()