diff options
| author | Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> | 2025-06-11 11:01:15 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-06-11 11:01:15 (GMT) |
| commit | 0e969fe8438bc3c98e88e105f9f0e938bb360e47 (patch) | |
| tree | 254aa3513576ed1129c0305746e5246e2ecc5994 | |
| parent | 30494cc72c2b5e0c1d9df5f944fadbb82595497d (diff) | |
| download | cpython-0e969fe8438bc3c98e88e105f9f0e938bb360e47.zip cpython-0e969fe8438bc3c98e88e105f9f0e938bb360e47.tar.gz cpython-0e969fe8438bc3c98e88e105f9f0e938bb360e47.tar.bz2 | |
[3.14] gh-135321: Always raise a correct exception for BINSTRING argument > 0x7fffffff in pickle (GH-135322) (GH-135382)
(cherry picked from commit 2b8b4774d29a707330d463f226630185cbd3ceff)
Co-authored-by: Justin Applegate <70449145+Legoclones@users.noreply.github.com>
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
| -rw-r--r-- | Lib/test/pickletester.py | 5 | ||||
| -rw-r--r-- | Misc/NEWS.d/next/Library/2025-06-10-00-42-30.gh-issue-135321.UHh9jT.rst | 1 | ||||
| -rw-r--r-- | Modules/_pickle.c | 9 |
3 files changed, 10 insertions, 5 deletions
diff --git a/Lib/test/pickletester.py b/Lib/test/pickletester.py index 9d6ae3e..9a3a26a 100644 --- a/Lib/test/pickletester.py +++ b/Lib/test/pickletester.py @@ -1100,6 +1100,11 @@ class AbstractUnpickleTests: self.check_unpickling_error((pickle.UnpicklingError, OverflowError), dumped) + def test_large_binstring(self): + errmsg = 'BINSTRING pickle has negative byte count' + with self.assertRaisesRegex(pickle.UnpicklingError, errmsg): + self.loads(b'T\0\0\0\x80') + def test_get(self): pickled = b'((lp100000\ng100000\nt.' unpickled = self.loads(pickled) diff --git a/Misc/NEWS.d/next/Library/2025-06-10-00-42-30.gh-issue-135321.UHh9jT.rst b/Misc/NEWS.d/next/Library/2025-06-10-00-42-30.gh-issue-135321.UHh9jT.rst new file mode 100644 index 0000000..9e63d8e --- /dev/null +++ b/Misc/NEWS.d/next/Library/2025-06-10-00-42-30.gh-issue-135321.UHh9jT.rst @@ -0,0 +1 @@ +Raise a correct exception for values greater than 0x7fffffff for the ``BINSTRING`` opcode in the C implementation of :mod:`pickle`. diff --git a/Modules/_pickle.c b/Modules/_pickle.c index d260f1a..2e74d56 100644 --- a/Modules/_pickle.c +++ b/Modules/_pickle.c @@ -5539,17 +5539,16 @@ static int load_counted_binstring(PickleState *st, UnpicklerObject *self, int nbytes) { PyObject *obj; - Py_ssize_t size; + long size; char *s; if (_Unpickler_Read(self, st, &s, nbytes) < 0) return -1; - size = calc_binsize(s, nbytes); + size = calc_binint(s, nbytes); if (size < 0) { - PyErr_Format(st->UnpicklingError, - "BINSTRING exceeds system's maximum size of %zd bytes", - PY_SSIZE_T_MAX); + PyErr_SetString(st->UnpicklingError, + "BINSTRING pickle has negative byte count"); return -1; } |