diff options
| author | Amaury Forgeot d'Arc <amauryfa@gmail.com> | 2008-11-11 20:05:06 (GMT) |
|---|---|---|
| committer | Amaury Forgeot d'Arc <amauryfa@gmail.com> | 2008-11-11 20:05:06 (GMT) |
| commit | 3e4e72f66f4e9d379d7734b5d0de92fc0b4d9596 (patch) | |
| tree | 4eee1f9789483a66f079269f0c3c2f194b5910be | |
| parent | 3bae65bacdc7c03e665fabb2065c740358ac362f (diff) | |
| download | cpython-3e4e72f66f4e9d379d7734b5d0de92fc0b4d9596.zip cpython-3e4e72f66f4e9d379d7734b5d0de92fc0b4d9596.tar.gz cpython-3e4e72f66f4e9d379d7734b5d0de92fc0b4d9596.tar.bz2 | |
#4298: pickle.load() can segfault on invalid or truncated input.
Patch and test by Hirokazu Yamamoto.
| -rw-r--r-- | Lib/test/pickletester.py | 5 | ||||
| -rw-r--r-- | Misc/NEWS | 4 | ||||
| -rw-r--r-- | Modules/_pickle.c | 5 |
3 files changed, 13 insertions, 1 deletions
diff --git a/Lib/test/pickletester.py b/Lib/test/pickletester.py index 8519fb5..c7c89d1 100644 --- a/Lib/test/pickletester.py +++ b/Lib/test/pickletester.py @@ -1032,6 +1032,11 @@ class AbstractPickleModuleTests(unittest.TestCase): self.assertRaises(pickle.PicklingError, BadPickler().dump, 0) self.assertRaises(pickle.UnpicklingError, BadUnpickler().load) + def test_bad_input(self): + # Test issue4298 + s = bytes([0x58, 0, 0, 0, 0x54]) + self.assertRaises(EOFError, pickle.loads, s) + class AbstractPersistentPicklerTests(unittest.TestCase): @@ -16,7 +16,9 @@ Core and Builtins Library ------- -- Issue #4283: fix a left-over "iteritems" call in distutils. +- Issue #4298: Fix a segfault when pickle.loads is passed a ill-formed input. + +- Issue #4283: Fix a left-over "iteritems" call in distutils. Build ----- diff --git a/Modules/_pickle.c b/Modules/_pickle.c index a689c33..c1facd8 100644 --- a/Modules/_pickle.c +++ b/Modules/_pickle.c @@ -489,6 +489,11 @@ unpickler_read(UnpicklerObject *self, char **s, Py_ssize_t n) return -1; } + if (PyBytes_GET_SIZE(data) != n) { + PyErr_SetNone(PyExc_EOFError); + return -1; + } + Py_XDECREF(self->last_string); self->last_string = data; |