summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBenjamin Peterson <benjamin@python.org>2015-09-26 07:09:32 (GMT)
committerBenjamin Peterson <benjamin@python.org>2015-09-26 07:09:32 (GMT)
commit03c59b9bef7ca78dd852d2fad381ee0a0dd17e22 (patch)
tree033f47124c82514c49e9786db09fe1d4e51c8c1d
parent58b53953f80f2b2c5a8583a04ce737acfb326def (diff)
parente48cf7e729923cf8bfb04cf559b4177503e85c39 (diff)
downloadcpython-03c59b9bef7ca78dd852d2fad381ee0a0dd17e22.zip
cpython-03c59b9bef7ca78dd852d2fad381ee0a0dd17e22.tar.gz
cpython-03c59b9bef7ca78dd852d2fad381ee0a0dd17e22.tar.bz2
merge 3.4
-rw-r--r--Misc/NEWS2
-rw-r--r--Modules/_pickle.c6
2 files changed, 8 insertions, 0 deletions
diff --git a/Misc/NEWS b/Misc/NEWS
index adf5276..c7eec4f 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -21,6 +21,8 @@ Core and Builtins
Library
-------
+- Prevent overflow in _Unpickler_Read.
+
- Issue #25047: The XML encoding declaration written by Element Tree now
respects the letter case given by the user. This restores the ability to
write encoding names in uppercase like "UTF-8", which worked in Python 2.
diff --git a/Modules/_pickle.c b/Modules/_pickle.c
index 3ad9a97..c3f1896 100644
--- a/Modules/_pickle.c
+++ b/Modules/_pickle.c
@@ -1193,6 +1193,12 @@ _Unpickler_Read(UnpicklerObject *self, char **s, Py_ssize_t n)
{
Py_ssize_t num_read;
+ if (self->next_read_idx > PY_SSIZE_T_MAX - n) {
+ PickleState *st = _Pickle_GetGlobalState();
+ PyErr_SetString(st->UnpicklingError,
+ "read would overflow (invalid bytecode)");
+ return -1;
+ }
if (self->next_read_idx + n <= self->input_len) {
*s = self->input_buffer + self->next_read_idx;
self->next_read_idx += n;