Issue #17710: Fix pickle raising a SystemError on bogus input.

3034efdd · Antoine Pitrou · ed3cd7e4 · 3034efdd · 3034efdd · 3034efdd
Commit 3034efdd authored Apr 15, 2013 by Antoine Pitrou
Hide whitespace changes
Inline Side-by-side

Showing with 15 additions and 5 deletions

Lib/pickle.py Lib/pickle.py +1 -1

Lib/test/pickletester.py Lib/test/pickletester.py +8 -0

Misc/NEWS Misc/NEWS +2 -0

Modules/_pickle.c Modules/_pickle.c +4 -4

No files found.
--- a/Lib/pickle.py
+++ b/Lib/pickle.py
@@ -951,7 +951,7 @@ class _Unpickler:
        rep = orig[:-1]
        for q in (b'"', b"'"): # double or single quote
            if rep.startswith(q):
-                if not rep.endswith(q):
+                if len(rep) < 2 or not rep.endswith(q):
                    raise ValueError("insecure string pickle")
                rep = rep[len(q):-len(q)]
                break

--- a/Lib/test/pickletester.py
+++ b/Lib/test/pickletester.py
@@ -609,6 +609,14 @@ class AbstractPickleTests(unittest.TestCase):
                    b"'abc\"", # open quote and close quote don't match
                    b"'abc'   ?", # junk after close quote
                    b"'\\'", # trailing backslash
+                    # Variations on issue #17710
+                    b"'",
+                    b'"',
+                    b"' ",
+                    b"'  ",
+                    b"'   ",
+                    b"'    ",
+                    b'"    ',
                    # some tests of the quoting rules
                    ## b"'abc\"\''",
                    ## b"'\\\\a\'\'\'\\\'\\\\\''",

--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -29,6 +29,8 @@ Core and Builtins
 Library
 -------

+- Issue #17710: Fix pickle raising a SystemError on bogus input.
+
 - Issue #17341: Include the invalid name in the error messages from re about
  invalid group names.


--- a/Modules/_pickle.c
+++ b/Modules/_pickle.c
@@ -4171,7 +4171,7 @@ load_string(UnpicklerObject *self)

    if ((len = _Unpickler_Readline(self, &s)) < 0)
        return -1;
-    if (len < 3)
+    if (len < 2)
        return bad_readline();
    if ((s = strdup(s)) == NULL) {
        PyErr_NoMemory();
@@ -4179,14 +4179,14 @@ load_string(UnpicklerObject *self)
    }

    /* Strip outermost quotes */
-    while (s[len - 1] <= ' ')
+    while (len > 0 && s[len - 1] <= ' ')
        len--;
-    if (s[0] == '"' && s[len - 1] == '"') {
+    if (len > 1 && s[0] == '"' && s[len - 1] == '"') {
        s[len - 1] = '\0';
        p = s + 1;
        len -= 2;
    }
-    else if (s[0] == '\'' && s[len - 1] == '\'') {
+    else if (len > 1 && s[0] == '\'' && s[len - 1] == '\'') {
        s[len - 1] = '\0';
        p = s + 1;
        len -= 2;