From a24b4d260beafb5b45450ff46d7740bea8eaa4a9 Mon Sep 17 00:00:00 2001
From: Christian Heimes
Date: Mon, 1 Jul 2013 15:17:45 +0200
Subject: Issue #18339: Negative ints keys in unpickler.memo dict no longer cause a segfault inside the _pickle C extension.
---
 Lib/test/test_pickle.py | 7 +++++++
 Misc/NEWS | 3 +++
 Modules/_pickle.c | 5 +++++
 3 files changed, 15 insertions(+)
diff --git a/Lib/test/test_pickle.py b/Lib/test/test_pickle.py
index f52d4bd..e96fe52 100644
--- a/Lib/test/test_pickle.py
+++ b/Lib/test/test_pickle.py
@@ -115,6 +115,13 @@ if has_c_implementation:
 pickler_class = _pickle.Pickler
 unpickler_class = _pickle.Unpickler
+ def test_issue18339(self):
+ unpickler = self.unpickler_class(io.BytesIO())
+ self.assertRaises(TypeError, setattr, unpickler, "memo", object)
+ # used to cause a segfault
+ self.assertRaises(ValueError, setattr, unpickler, "memo", {-1: None})
+ unpickler.memo = {1: None}
+
 class CDispatchTableTests(AbstractDispatchTableTests):
 pickler_class = pickle.Pickler
 def get_dispatch_table(self):
diff --git a/Misc/NEWS b/Misc/NEWS
index e653925..37ee7fc 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -38,6 +38,9 @@ Core and Builtins
 Library
 -------
+- Issue #18339: Negative ints keys in unpickler.memo dict no longer cause a
+ segfault inside the _pickle C extension.
+
 - Issue #18224: Removed pydoc script from created venv, as it causes problems on Windows and adds no value over and above python -m pydoc ...
diff --git a/Modules/_pickle.c b/Modules/_pickle.c
index a8d6684..195ee5d 100644
--- a/Modules/_pickle.c
+++ b/Modules/_pickle.c
@@ -5931,6 +5931,11 @@ Unpickler_set_memo(UnpicklerObject *self, PyObject *obj)
 idx = PyLong_AsSsize_t(key);
 if (idx == -1 && PyErr_Occurred())
 goto error;
+ if (idx < 0) {
+ PyErr_SetString(PyExc_ValueError,
+ "memos key must be positive integers.");
+ goto error;
+ }
 if (_Unpickler_MemoPut(self, idx, value) < 0)
 goto error;
 }
--
cgit v0.12
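Review bot: The new `test_issue18339` only tries the keys -1 and 1, so the boundary that the C guard actually draws (`idx < 0`) is never exercised; adding `unpickler.memo = {0: None}` beside the `{1: None}` assignment would pin that zero is accepted. The test also stops at the `ValueError` and never touches the unpickler again after the rejected assignment; a follow-up read such as `unpickler.memo.copy()` would show that the error path leaves the object in a usable state, which cannot be confirmed from this diff because the cleanup code of Unpickler_set_memo is outside it. The comment `# used to cause a segfault` would be easier to act on later if it named the trigger, e.g. `# a negative memo key used to segfault in _pickle (issue #18339)`.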
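Review bot: The text passed to the added `PyErr_SetString` call does not describe the check above it: `idx < 0` lets 0 through, yet the message says "positive", and "memos key" is ungrammatical; `"memo keys must be non-negative integers"` states what the guard enforces. Only the lower bound is validated before `_Unpickler_MemoPut(self, idx, value)`; how a very large caller-supplied key is handled depends on that helper, which is not visible here, so it is worth confirming that it fails cleanly rather than attempting an oversized allocation. A short comment above the guard, such as `/* idx is used as a memo index; reject negative keys */`, would record why it is there. Unpickler_set_memo begins and ends outside the hunk, including the `error` label that these `goto`s reach.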