diff options
| -rw-r--r-- | Lib/test/test_random.py | 5 | ||||
| -rw-r--r-- | Misc/NEWS | 2 | ||||
| -rw-r--r-- | Modules/_randommodule.c | 4 |
3 files changed, 11 insertions, 0 deletions
diff --git a/Lib/test/test_random.py b/Lib/test/test_random.py index e648045..4b5232f 100644 --- a/Lib/test/test_random.py +++ b/Lib/test/test_random.py @@ -338,6 +338,11 @@ class MersenneTwister_TestBasicOps(TestBasicOps, unittest.TestCase): self.assertRaises(TypeError, self.gen.setstate, (2, ('a',)*625, None)) # Last element s/b an int also self.assertRaises(TypeError, self.gen.setstate, (2, (0,)*624+('a',), None)) + # Last element s/b between 0 and 624 + with self.assertRaises((ValueError, OverflowError)): + self.gen.setstate((2, (1,)*624+(625,), None)) + with self.assertRaises((ValueError, OverflowError)): + self.gen.setstate((2, (1,)*624+(-1,), None)) # Little trick to make "tuple(x % (2**32) for x in internalstate)" # raise ValueError. I cannot think of a simple way to achieve this, so @@ -28,6 +28,8 @@ Core and Builtins Library ------- +- Issue #24620: Random.setstate() now validates the value of state last element. + - Issue #22485: Fixed an issue that caused `inspect.getsource` to return incorrect results on nested functions. diff --git a/Modules/_randommodule.c b/Modules/_randommodule.c index df149c5..95ad4a4 100644 --- a/Modules/_randommodule.c +++ b/Modules/_randommodule.c @@ -335,6 +335,10 @@ random_setstate(RandomObject *self, PyObject *state) index = PyLong_AsLong(PyTuple_GET_ITEM(state, i)); if (index == -1 && PyErr_Occurred()) return NULL; + if (index < 0 || index > N) { + PyErr_SetString(PyExc_ValueError, "invalid state"); + return NULL; + } self->index = (int)index; Py_INCREF(Py_None); |