zlib: Protect against non-empty port internal buffers.

* guix/zlib.scm (make-gzip-input-port)[gzfile]: Error out
if (drain-input port) returns a non-empty string.
* guix/zlib.scm (make-gzip-output-port)[gzfile]: Call 'force-output'.

1 files changed, 15 insertions, 4 deletions

diff --git a/guix/zlib.scm b/guix/zlib.scm
index 40f5294ceb..74420129f6 100644
--- a/guix/zlib.scm
+++ b/guix/zlib.scm
@@ -168,9 +168,18 @@ closed even if closing GZFILE triggers an exception."
   "Return an input port that decompresses data read from PORT, a file port.
 PORT is automatically closed when the resulting port is closed.  BUFFER-SIZE
 is the size in bytes of the internal buffer, 8 KiB by default; using a larger
-buffer increases decompression speed."
+buffer increases decompression speed.  An error is thrown if PORT contains
+buffered input, which would be lost (and is lost anyway)."
   (define gzfile
-    (gzdopen (fileno port) "r"))
+    (match (drain-input port)
+      (""                                         ;PORT's buffer is empty
+       (gzdopen (fileno port) "r"))
+      (_
+       ;; This is unrecoverable but it's better than having the buffered input
+       ;; be lost, leading to unclear end-of-file or corrupt-data errors down
+       ;; the path.
+       (throw 'zlib-error 'make-gzip-input-port
+              "port contains buffered input" port))))
 
   (define (read! bv start count)
     (gzread! gzfile bv start count))
@@ -189,8 +198,10 @@ buffer increases decompression speed."
 a file port, as its sink.  PORT is automatically closed when the resulting
 port is closed."
   (define gzfile
-    (gzdopen (fileno port)
-             (string-append "w" (number->string level))))
+    (begin
+      (force-output port)                         ;empty PORT's buffer
+      (gzdopen (fileno port)
+               (string-append "w" (number->string level)))))
 
   (define (write! bv start count)
     (gzwrite gzfile bv start count))