From 3b77d01dbc9e7cf8e32803a307f2ecf7b2bf0f05 Mon Sep 17 00:00:00 2001 From: Serhiy Storchaka Date: Fri, 24 Jul 2015 09:02:53 +0300 Subject: Issue #24620: Random.setstate() now validates the value of state last element. --- Lib/test/test_random.py | 5 +++++ Misc/NEWS | 2 ++ Modules/_randommodule.c | 4 ++++ 3 files changed, 11 insertions(+) diff --git a/Lib/test/test_random.py b/Lib/test/test_random.py index 250f443..e4876fd 100644 --- a/Lib/test/test_random.py +++ b/Lib/test/test_random.py @@ -319,6 +319,11 @@ class MersenneTwister_TestBasicOps(TestBasicOps): self.assertRaises(TypeError, self.gen.setstate, (2, ('a',)*625, None)) # Last element s/b an int also self.assertRaises(TypeError, self.gen.setstate, (2, (0,)*624+('a',), None)) + # Last element s/b between 0 and 624 + with self.assertRaises((ValueError, OverflowError)): + self.gen.setstate((2, (1,)*624+(625,), None)) + with self.assertRaises((ValueError, OverflowError)): + self.gen.setstate((2, (1,)*624+(-1,), None)) def test_referenceImplementation(self): # Compare the python implementation with results from the original diff --git a/Misc/NEWS b/Misc/NEWS index 95d6e11..9027ec8 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -34,6 +34,8 @@ Core and Builtins Library ------- +- Issue #24620: Random.setstate() now validates the value of state last element. + - Issue #13938: 2to3 converts StringTypes to a tuple. Patch from Mark Hammond. - Issue #24611: Fixed compiling the posix module on non-Windows platforms diff --git a/Modules/_randommodule.c b/Modules/_randommodule.c index 8bb9e37..480df92 100644 --- a/Modules/_randommodule.c +++ b/Modules/_randommodule.c @@ -363,6 +363,10 @@ random_setstate(RandomObject *self, PyObject *state) index = PyLong_AsLong(PyTuple_GET_ITEM(state, i)); if (index == -1 && PyErr_Occurred()) return NULL; + if (index < 0 || index > N) { + PyErr_SetString(PyExc_ValueError, "invalid state"); + return NULL; + } self->index = (int)index; Py_INCREF(Py_None); -- cgit v0.12