Commit 1e5927ec authored by Benjamin Peterson's avatar Benjamin Peterson

fix use after free (closes #24552)

parent 201b88e5
......@@ -1039,6 +1039,18 @@ class AbstractPickleTests(unittest.TestCase):
self.assertEqual(B(x), B(y), detail)
self.assertEqual(x.__dict__, y.__dict__, detail)
def test_newobj_not_class(self):
# Issue 24552
global SimpleNewObj
save = SimpleNewObj
o = object.__new__(SimpleNewObj)
b = self.dumps(o, 4)
try:
SimpleNewObj = 42
self.assertRaises((TypeError, pickle.UnpicklingError), self.loads, b)
finally:
SimpleNewObj = save
# Register a type with copyreg, with extension code extcode. Pickle
# an object of that type. Check that the resulting pickle uses opcode
# (EXT[124]) under proto 2, and not in proto 1.
......
......@@ -64,6 +64,8 @@ Core and Builtins
Library
-------
- Issue #24552: Fix use after free in an error case of the _pickle module.
- Issue #24514: tarfile now tolerates number fields consisting of only
whitespace.
......
......@@ -5210,10 +5210,10 @@ load_newobj_ex(UnpicklerObject *self)
if (!PyType_Check(cls)) {
Py_DECREF(kwargs);
Py_DECREF(args);
Py_DECREF(cls);
PyErr_Format(st->UnpicklingError,
"NEWOBJ_EX class argument must be a type, not %.200s",
Py_TYPE(cls)->tp_name);
Py_DECREF(cls);
return -1;
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment