Skip to content

C
cpython
Commit 3e4e72f6 authored by Amaury Forgeot d'Arc's avatar Amaury Forgeot d'Arc
Browse files
Options

#4298: pickle.load() can segfault on invalid or truncated input. 

Patch and test by Hirokazu Yamamoto.
parent 3bae65ba
Hide whitespace changes
Inline Side-by-side
Showing with 13 additions and 1 deletion
Lib/test/pickletester.py
View file @ 3e4e72f6
......@@ -1032,6 +1032,11 @@ class AbstractPickleModuleTests(unittest.TestCase):
self.assertRaises(pickle.PicklingError, BadPickler().dump, 0)
self.assertRaises(pickle.UnpicklingError, BadUnpickler().load)
def test_bad_input(self):
# Test issue4298
s = bytes([0x58, 0, 0, 0, 0x54])
self.assertRaises(EOFError, pickle.loads, s)
class AbstractPersistentPicklerTests(unittest.TestCase):
......
Misc/NEWS
View file @ 3e4e72f6
......@@ -16,7 +16,9 @@ Core and Builtins
Library
-------
- Issue #4283: fix a left-over "iteritems" call in distutils.
- Issue #4298: Fix a segfault when pickle.loads is passed a ill-formed input.
- Issue #4283: Fix a left-over "iteritems" call in distutils.
Build
-----
......
Modules/_pickle.c
View file @ 3e4e72f6
......@@ -489,6 +489,11 @@ unpickler_read(UnpicklerObject *self, char **s, Py_ssize_t n)
return -1;
}
if (PyBytes_GET_SIZE(data) != n) {
PyErr_SetNone(PyExc_EOFError);
return -1;
}
Py_XDECREF(self->last_string);
self->last_string = data;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7