summaryrefslogtreecommitdiffstats
path: root/Modules
diff options
context:
space:
mode:
authorT. Wouters <thomas@python.org>2019-03-04 18:52:07 (GMT)
committerGitHub <noreply@github.com>2019-03-04 18:52:07 (GMT)
commitd9bf7f4198871132714cfe7d702baaa02206e9f1 (patch)
treeaeee180dfaf5e16a34f4cbadf841253ceec86cd6 /Modules
parent84b5ac9ba6fd71ba9d0ef98e2a166a35189b263f (diff)
downloadcpython-d9bf7f4198871132714cfe7d702baaa02206e9f1.zip
cpython-d9bf7f4198871132714cfe7d702baaa02206e9f1.tar.gz
cpython-d9bf7f4198871132714cfe7d702baaa02206e9f1.tar.bz2
[2.7] bpo-36149 Fix potential use of uninitialized memory in cPickle (#12105)
Fix off-by-one bug in cPickle that caused it to use uninitialised memory on truncated pickles read from FILE*s.
Diffstat (limited to 'Modules')
-rw-r--r--Modules/cPickle.c13
1 files changed, 8 insertions, 5 deletions
diff --git a/Modules/cPickle.c b/Modules/cPickle.c
index 914ebb3..f7c6fec 100644
--- a/Modules/cPickle.c
+++ b/Modules/cPickle.c
@@ -586,12 +586,15 @@ readline_file(Unpicklerobject *self, char **s)
while (1) {
Py_ssize_t bigger;
char *newbuf;
- for (; i < (self->buf_size - 1); i++) {
- if (feof(self->fp) ||
- (self->buf[i] = getc(self->fp)) == '\n') {
- self->buf[i + 1] = '\0';
+ while (i < (self->buf_size - 1)) {
+ int newchar = getc(self->fp);
+ if (newchar != EOF) {
+ self->buf[i++] = newchar;
+ }
+ if (newchar == EOF || newchar == '\n') {
+ self->buf[i] = '\0';
*s = self->buf;
- return i + 1;
+ return i;
}
}
if (self->buf_size > (PY_SSIZE_T_MAX >> 1)) {
generated by cgit v0.12 at 2025-09-03 10:05:35 (GMT)