authorMichael W. Hudson <mwh@python.net>2005-06-13 18:28:46 (GMT)
committerMichael W. Hudson <mwh@python.net>2005-06-13 18:28:46 (GMT)
commitf2ca5af43919e790f4e1b5dc3edeac6561e6e19b (patch)
tree8fddaf191ee10442aac7d8b53a1ed853e39e28b3
parent01fca110801d97166d8019db918d5c16e2a2c97b (diff)
Fix bug
[ 1180997 ] lax error-checking in new-in-2.4 marshal stuff which I'd assigned to Martin, but actually turned out to be easy to fix. Also, a test.
-rw-r--r--Lib/test/test_marshal.py9
-rw-r--r--Python/marshal.c4
2 files changed, 13 insertions, 0 deletions
diff --git a/Lib/test/test_marshal.py b/Lib/test/test_marshal.py
index b62e2d8..f87495b 100644
--- a/Lib/test/test_marshal.py
+++ b/Lib/test/test_marshal.py
@@ -211,6 +211,15 @@ class BugsTestCase(unittest.TestCase):
self.assertEquals(marshal.loads(marshal.dumps(5, 0)), 5)
self.assertEquals(marshal.loads(marshal.dumps(5, 1)), 5)
+ def test_fuzz(self):
+ # simple test that it's at least not *totally* trivial to
+ # crash from bad marshal data
+ for c in [chr(i) for i in range(256)]:
+ try:
+ marshal.loads(c)
+ except Exception:
+ pass
+
def test_main():
test_support.run_unittest(IntTestCase,
FloatTestCase,
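Review bot: `test_fuzz` only feeds the 256 one-byte strings to `marshal.loads`, so the upper-bound half of the check added in Python/marshal.c (`n >= PyList_GET_SIZE(p->strings)`) is probably never reached, since a single byte cannot carry a type code plus a four-byte index. A targeted regression case would pin the fix, for example (constructed input, assuming `'R'` is the string-reference type code) `self.assertRaises(ValueError, marshal.loads, 'R\x01\x00\x00\x00')`. Because of the blanket `except Exception: pass`, the loop detects only interpreter crashes and not a wrong exception type, so it is worth keeping the two kinds of test separate. `test_main` continues outside the hunk.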
diff --git a/Python/marshal.c b/Python/marshal.c
index 6c65700..7f38a46 100644
--- a/Python/marshal.c
+++ b/Python/marshal.c
@@ -648,6 +648,10 @@ r_object(RFILE *p)
case TYPE_STRINGREF:
n = r_long(p);
+ if (n < 0 || n >= PyList_GET_SIZE(p->strings)) {
+ PyErr_SetString(PyExc_ValueError, "bad marshal data");
+ return NULL;
+ }
v = PyList_GET_ITEM(p->strings, n);
Py_INCREF(v);
return v;
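Review bot: The new bounds check under `case TYPE_STRINGREF` has no comment explaining why it is needed, even though `n` comes straight from the input stream via `r_long(p)` and `PyList_GET_ITEM` is an unchecked macro. I would add `/* n is read from untrusted marshal data; PyList_GET_ITEM does no bounds checking */` above the `if`. The check also dereferences `p->strings` unconditionally. Where that list is allocated is not visible in this hunk, so it is worth confirming that every caller handles a failed allocation before `r_object` runs. `r_object`'s body starts and ends outside the hunk.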