gh-151308: Avoid huge pre-allocation in wave.readframes() for crafted files

A WAV data chunk records its size in a 4-byte header field that is not
validated against the data actually present in the file.  A small,
truncated, or maliciously crafted file could therefore claim a chunk of
several gigabytes and make wave.Wave_read.readframes() pre-allocate that
much memory via a single file.read(chunksize) call, leading to a
MemoryError (or memory exhaustion) from a tiny input.

When the underlying file is seekable, clamp each read in the internal
_Chunk.read() to the number of bytes physically available, so we never
allocate more than the file can actually provide.  The data returned for
valid files is unchanged.

Author: iamsharduld

Lib/test/test_wave.py

@@ -10,6 +10,20 @@
 import wave
 
 
+class _ReadSizeRecorder(io.BytesIO):
+    # A seekable file that remembers the largest size ever passed to read(),
+    # so a test can check that wave does not request far more data than the
+    # file actually holds (which on a real file would pre-allocate it).
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.max_read_size = 0
+
+    def read(self, size=-1):
+        if size is not None and size >= 0:
+            self.max_read_size = max(self.max_read_size, size)
+        return super().read(size)
+
+
 class WaveTest(audiotests.AudioWriteTests,
                audiotests.AudioTestsWithSourceFile):
     module = wave
@@ -333,6 +347,23 @@ def test_read_wrong_sample_width(self):
         with self.assertRaisesRegex(wave.Error, 'bad sample width'):
             wave.open(io.BytesIO(b))
 
+    def test_read_data_chunk_size_larger_than_file(self):
+        # gh-151308: a data chunk header may claim far more data than the
+        # file actually contains.  readframes() must not request (and so,
+        # on a real file, pre-allocate) the claimed size; reads on a
+        # seekable file are clamped to the bytes actually available.
+        real_data = b'\x00' * 10
+        b = b'RIFF' + struct.pack('<L', 0xFFFFFFFF) + b'WAVE'
+        b += b'fmt ' + struct.pack('<LHHLLHH', 16, 1, 1, 11025, 11025, 1, 8)
+        b += b'data' + struct.pack('<L', 0xFFFFFFFF)  # bogus, ~4 GiB
+        b += real_data
+        f = _ReadSizeRecorder(b)
+        with wave.open(f, 'rb') as r:
+            data = r.readframes(r.getnframes())
+        self.assertEqual(data, real_data)
+        # The bogus ~4 GiB size must never reach the underlying read().
+        self.assertLessEqual(f.max_read_size, len(b))
+
     def test_open_in_write_raises(self):
         # gh-136523: Wave_write.__del__ should not throw
         with support.catch_unraisable_exception() as cm:

Lib/wave.py

@@ -189,6 +189,28 @@ def read(self, size=-1):
             size = self.chunksize - self.size_read
         if size > self.chunksize - self.size_read:
             size = self.chunksize - self.size_read
+        # The chunk size comes from the file header and is not trustworthy:
+        # a truncated or maliciously crafted file can claim a size far larger
+        # than the data actually present, which would make the read() below
+        # pre-allocate that many bytes (gh-151308).  When the underlying file
+        # is seekable, clamp the request to the bytes physically available so
+        # we never allocate more than the file can provide.  This leaves the
+        # data returned for valid files unchanged, since the requested bytes
+        # are always present.  We probe with tell()/seek() rather than trust
+        # seekable(), since some file objects report being seekable yet raise
+        # on the actual call; on any failure we fall back to the original
+        # behaviour.  This also covers the nested chunks, whose seek() returns
+        # None (so the clamp is skipped) and which read through the raw file.
+        if size > 0:
+            try:
+                here = self.file.tell()
+                end = self.file.seek(0, 2)
+                self.file.seek(here, 0)
+            except (OSError, ValueError):
+                pass
+            else:
+                if isinstance(end, int):
+                    size = min(size, max(0, end - here))
         data = self.file.read(size)
         self.size_read = self.size_read + len(data)
         if self.size_read == self.chunksize and \

Misc/NEWS.d/next/Library/2026-06-15-13-04-03.gh-issue-151308.5gc0g-.rst

@@ -0,0 +1,4 @@
+:meth:`wave.Wave_read.readframes` no longer attempts to pre-allocate a huge
+buffer when the data chunk header of a truncated or malformed WAV file claims
+a size larger than the file actually contains.  When the underlying file is
+seekable, reads are now clamped to the number of bytes really available.