diff options
author | Benjamin Peterson <benjamin@python.org> | 2015-09-26 07:09:32 (GMT) |
---|---|---|
committer | Benjamin Peterson <benjamin@python.org> | 2015-09-26 07:09:32 (GMT) |
commit | 03c59b9bef7ca78dd852d2fad381ee0a0dd17e22 (patch) | |
tree | 033f47124c82514c49e9786db09fe1d4e51c8c1d | |
parent | 58b53953f80f2b2c5a8583a04ce737acfb326def (diff) | |
parent | e48cf7e729923cf8bfb04cf559b4177503e85c39 (diff) | |
download | cpython-03c59b9bef7ca78dd852d2fad381ee0a0dd17e22.zip cpython-03c59b9bef7ca78dd852d2fad381ee0a0dd17e22.tar.gz cpython-03c59b9bef7ca78dd852d2fad381ee0a0dd17e22.tar.bz2 |
merge 3.4
-rw-r--r-- | Misc/NEWS | 2 | ||||
-rw-r--r-- | Modules/_pickle.c | 6 |
2 files changed, 8 insertions, 0 deletions
@@ -21,6 +21,8 @@ Core and Builtins Library ------- +- Prevent overflow in _Unpickler_Read. + - Issue #25047: The XML encoding declaration written by Element Tree now respects the letter case given by the user. This restores the ability to write encoding names in uppercase like "UTF-8", which worked in Python 2. diff --git a/Modules/_pickle.c b/Modules/_pickle.c index 3ad9a97..c3f1896 100644 --- a/Modules/_pickle.c +++ b/Modules/_pickle.c @@ -1193,6 +1193,12 @@ _Unpickler_Read(UnpicklerObject *self, char **s, Py_ssize_t n) { Py_ssize_t num_read; + if (self->next_read_idx > PY_SSIZE_T_MAX - n) { + PickleState *st = _Pickle_GetGlobalState(); + PyErr_SetString(st->UnpicklingError, + "read would overflow (invalid bytecode)"); + return -1; + } if (self->next_read_idx + n <= self->input_len) { *s = self->input_buffer + self->next_read_idx; self->next_read_idx += n; |