diff options
author | Michael W. Hudson <mwh@python.net> | 2005-06-13 18:28:46 (GMT) |
---|---|---|
committer | Michael W. Hudson <mwh@python.net> | 2005-06-13 18:28:46 (GMT) |
commit | f2ca5af43919e790f4e1b5dc3edeac6561e6e19b (patch) | |
tree | 8fddaf191ee10442aac7d8b53a1ed853e39e28b3 | |
parent | 01fca110801d97166d8019db918d5c16e2a2c97b (diff) | |
download | cpython-f2ca5af43919e790f4e1b5dc3edeac6561e6e19b.zip cpython-f2ca5af43919e790f4e1b5dc3edeac6561e6e19b.tar.gz cpython-f2ca5af43919e790f4e1b5dc3edeac6561e6e19b.tar.bz2 |
Fix bug
[ 1180997 ] lax error-checking in new-in-2.4 marshal stuff
which I'd assigned to Martin, but actually turned out to be easy to fix.
Also, a test.
-rw-r--r-- | Lib/test/test_marshal.py | 9 | ||||
-rw-r--r-- | Python/marshal.c | 4 |
2 files changed, 13 insertions, 0 deletions
diff --git a/Lib/test/test_marshal.py b/Lib/test/test_marshal.py index b62e2d8..f87495b 100644 --- a/Lib/test/test_marshal.py +++ b/Lib/test/test_marshal.py @@ -211,6 +211,15 @@ class BugsTestCase(unittest.TestCase): self.assertEquals(marshal.loads(marshal.dumps(5, 0)), 5) self.assertEquals(marshal.loads(marshal.dumps(5, 1)), 5) + def test_fuzz(self): + # simple test that it's at least not *totally* trivial to + # crash from bad marshal data + for c in [chr(i) for i in range(256)]: + try: + marshal.loads(c) + except Exception: + pass + def test_main(): test_support.run_unittest(IntTestCase, FloatTestCase, diff --git a/Python/marshal.c b/Python/marshal.c index 6c65700..7f38a46 100644 --- a/Python/marshal.c +++ b/Python/marshal.c @@ -648,6 +648,10 @@ r_object(RFILE *p) case TYPE_STRINGREF: n = r_long(p); + if (n < 0 || n >= PyList_GET_SIZE(p->strings)) { + PyErr_SetString(PyExc_ValueError, "bad marshal data"); + return NULL; + } v = PyList_GET_ITEM(p->strings, n); Py_INCREF(v); return v; |