diff options
| author | Benjamin Peterson <benjamin@python.org> | 2015-09-26 07:08:34 (GMT) |
|---|---|---|
| committer | Benjamin Peterson <benjamin@python.org> | 2015-09-26 07:08:34 (GMT) |
| commit | e48cf7e729923cf8bfb04cf559b4177503e85c39 (patch) | |
| tree | 352456aa65e9cac142b5ed86f603c5667b660c98 /Modules | |
| parent | 3be2e54adcc5c8fd87f5f21e09ee4a85d230f8c5 (diff) | |
| download | cpython-e48cf7e729923cf8bfb04cf559b4177503e85c39.zip cpython-e48cf7e729923cf8bfb04cf559b4177503e85c39.tar.gz cpython-e48cf7e729923cf8bfb04cf559b4177503e85c39.tar.bz2 | |
prevent overflow in _Unpickler_Read
Diffstat (limited to 'Modules')
| -rw-r--r-- | Modules/_pickle.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/Modules/_pickle.c b/Modules/_pickle.c index 9f16b4d..68d2a60 100644 --- a/Modules/_pickle.c +++ b/Modules/_pickle.c @@ -1182,6 +1182,12 @@ _Unpickler_Read(UnpicklerObject *self, char **s, Py_ssize_t n) { Py_ssize_t num_read; + if (self->next_read_idx > PY_SSIZE_T_MAX - n) { + PickleState *st = _Pickle_GetGlobalState(); + PyErr_SetString(st->UnpicklingError, + "read would overflow (invalid bytecode)"); + return -1; + } if (self->next_read_idx + n <= self->input_len) { *s = self->input_buffer + self->next_read_idx; self->next_read_idx += n; |