summaryrefslogtreecommitdiffstats
path: root/Modules/cPickle.c
diff options
context:
space:
mode:
Diffstat (limited to 'Modules/cPickle.c')
-rw-r--r--Modules/cPickle.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/Modules/cPickle.c b/Modules/cPickle.c
index f130087..51fc226 100644
--- a/Modules/cPickle.c
+++ b/Modules/cPickle.c
@@ -3435,6 +3435,14 @@ load_binstring(Unpicklerobject *self)
if (self->read_func(self, &s, 4) < 0) return -1;
l = calc_binint(s, 4);
+ if (l < 0) {
+ /* Corrupt or hostile pickle -- we never write one like
+ * this.
+ */
+ PyErr_SetString(UnpicklingError,
+ "BINSTRING pickle has negative byte count");
+ return -1;
+ }
if (self->read_func(self, &s, l) < 0)
return -1;
@@ -3502,6 +3510,14 @@ load_binunicode(Unpicklerobject *self)
if (self->read_func(self, &s, 4) < 0) return -1;
l = calc_binint(s, 4);
+ if (l < 0) {
+ /* Corrupt or hostile pickle -- we never write one like
+ * this.
+ */
+ PyErr_SetString(UnpicklingError,
+ "BINUNICODE pickle has negative byte count");
+ return -1;
+ }
if (self->read_func(self, &s, l) < 0)
return -1;
generated by cgit v0.12 at 2025-01-08 15:14:14 (GMT)