From b3d3ee4fef6d1beb547671d12c514c86657b9223 Mon Sep 17 00:00:00 2001
From: Christian Heimes <christian@cheimes.de>
Date: Sat, 23 Nov 2013 21:01:40 +0100
Subject: Issue #17810: Add NULL check to save_frozenset CID 1131949: 
 Dereference null return value  (NULL_RETURNS)

---
 Modules/_pickle.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Modules/_pickle.c b/Modules/_pickle.c
index f9aa043..b63a7d9 100644
--- a/Modules/_pickle.c
+++ b/Modules/_pickle.c
@@ -2940,6 +2940,9 @@ save_frozenset(PicklerObject *self, PyObject *obj)
         return -1;
 
     iter = PyObject_GetIter(obj);
+    if (iter == NULL) {
+        return NULL;
+    }
     for (;;) {
         PyObject *item;
 
-- 
cgit v0.12


From 8f2ee6e407fe38375095f488b18d2c8c0cbab631 Mon Sep 17 00:00:00 2001
From: Antoine Pitrou <solipsis@pitrou.net>
Date: Sat, 23 Nov 2013 21:05:08 +0100
Subject: Fix writing out 64-bit size fields on 32-bit builds

---
 Lib/test/test_range.py |  7 ++++---
 Modules/_pickle.c      | 32 +++++++++++++++++++++-----------
 2 files changed, 25 insertions(+), 14 deletions(-)

diff --git a/Lib/test/test_range.py b/Lib/test/test_range.py
index f088387..d9d4cf8 100644
--- a/Lib/test/test_range.py
+++ b/Lib/test/test_range.py
@@ -353,9 +353,10 @@ class RangeTest(unittest.TestCase):
                      (13, 21, 3), (-2, 2, 2), (2**65, 2**65+2)]
         for proto in range(pickle.HIGHEST_PROTOCOL + 1):
             for t in testcases:
-                r = range(*t)
-                self.assertEqual(list(pickle.loads(pickle.dumps(r, proto))),
-                                 list(r))
+                with self.subTest(proto=proto, test=t):
+                    r = range(*t)
+                    self.assertEqual(list(pickle.loads(pickle.dumps(r, proto))),
+                                     list(r))
 
     def test_iterator_pickling(self):
         testcases = [(13,), (0, 11), (-22, 10), (20, 3, -1),
diff --git a/Modules/_pickle.c b/Modules/_pickle.c
index b63a7d9..3411ce9 100644
--- a/Modules/_pickle.c
+++ b/Modules/_pickle.c
@@ -700,17 +700,27 @@ _Pickler_ClearBuffer(PicklerObject *self)
 }
 
 static void
+_write_size64(char *out, size_t value)
+{
+    out[0] = (unsigned char)(value & 0xff);
+    out[1] = (unsigned char)((value >> 8) & 0xff);
+    out[2] = (unsigned char)((value >> 16) & 0xff);
+    out[3] = (unsigned char)((value >> 24) & 0xff);
+#if SIZEOF_SIZE_T >= 8
+    out[4] = (unsigned char)((value >> 32) & 0xff);
+    out[5] = (unsigned char)((value >> 40) & 0xff);
+    out[6] = (unsigned char)((value >> 48) & 0xff);
+    out[7] = (unsigned char)((value >> 56) & 0xff);
+#else
+    out[4] = out[5] = out[6] = out[7] = 0;
+#endif
+}
+
+static void
 _Pickler_WriteFrameHeader(PicklerObject *self, char *qdata, size_t frame_len)
 {
-    qdata[0] = (unsigned char)FRAME;
-    qdata[1] = (unsigned char)(frame_len & 0xff);
-    qdata[2] = (unsigned char)((frame_len >> 8) & 0xff);
-    qdata[3] = (unsigned char)((frame_len >> 16) & 0xff);
-    qdata[4] = (unsigned char)((frame_len >> 24) & 0xff);
-    qdata[5] = (unsigned char)((frame_len >> 32) & 0xff);
-    qdata[6] = (unsigned char)((frame_len >> 40) & 0xff);
-    qdata[7] = (unsigned char)((frame_len >> 48) & 0xff);
-    qdata[8] = (unsigned char)((frame_len >> 56) & 0xff);
+    qdata[0] = FRAME;
+    _write_size64(qdata + 1, frame_len);
 }
 
 static int
@@ -2017,7 +2027,7 @@ save_bytes(PicklerObject *self, PyObject *obj)
             int i;
             header[0] = BINBYTES8;
             for (i = 0; i < 8; i++) {
-                header[i+1] = (unsigned char)((size >> (8 * i)) & 0xff);
+                _write_size64(header + 1, size);
             }
             len = 8;
         }
@@ -2131,7 +2141,7 @@ write_utf8(PicklerObject *self, char *data, Py_ssize_t size)
 
         header[0] = BINUNICODE8;
         for (i = 0; i < 8; i++) {
-            header[i+1] = (unsigned char)((size >> (8 * i)) & 0xff);
+            _write_size64(header + 1, size);
         }
         len = 9;
     }
-- 
cgit v0.12


From 74d8d63b183f7bb90da68f45e34259af439922de Mon Sep 17 00:00:00 2001
From: Christian Heimes <christian@cheimes.de>
Date: Sat, 23 Nov 2013 21:05:31 +0100
Subject: Issue #17810: return -1 on error

---
 Modules/_pickle.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Modules/_pickle.c b/Modules/_pickle.c
index b63a7d9..6de94ec 100644
--- a/Modules/_pickle.c
+++ b/Modules/_pickle.c
@@ -2941,7 +2941,7 @@ save_frozenset(PicklerObject *self, PyObject *obj)
 
     iter = PyObject_GetIter(obj);
     if (iter == NULL) {
-        return NULL;
+        return -1;
     }
     for (;;) {
         PyObject *item;
-- 
cgit v0.12