Skip to content

C
cpython
Commit 4b24214c authored by Benjamin Peterson's avatar Benjamin Peterson
Browse files
Options

prevent overflow in _Unpickler_Read

parent e9e649cd
Hide whitespace changes
Inline Side-by-side
Showing with 8 additions and 0 deletions
Misc/NEWS
View file @ 4b24214c
...@@ -81,6 +81,8 @@ Core and Builtins ...@@ -81,6 +81,8 @@ Core and Builtins
Library Library
------- -------
- Prevent overflow in _Unpickler_Read.
- Issue #25047: The XML encoding declaration written by Element Tree now - Issue #25047: The XML encoding declaration written by Element Tree now
respects the letter case given by the user. This restores the ability to respects the letter case given by the user. This restores the ability to
write encoding names in uppercase like "UTF-8", which worked in Python 2. write encoding names in uppercase like "UTF-8", which worked in Python 2.
......
Modules/_pickle.c
View file @ 4b24214c
...@@ -1182,6 +1182,12 @@ _Unpickler_Read(UnpicklerObject *self, char **s, Py_ssize_t n) ...@@ -1182,6 +1182,12 @@ _Unpickler_Read(UnpicklerObject *self, char **s, Py_ssize_t n)
{ {
Py_ssize_t num_read; Py_ssize_t num_read;
if (self->next_read_idx > PY_SSIZE_T_MAX - n) {
PickleState *st = _Pickle_GetGlobalState();
PyErr_SetString(st->UnpicklingError,
"read would overflow (invalid bytecode)");
return -1;
}
if (self->next_read_idx + n <= self->input_len) { if (self->next_read_idx + n <= self->input_len) {
*s = self->input_buffer + self->next_read_idx; *s = self->input_buffer + self->next_read_idx;
self->next_read_idx += n; self->next_read_idx += n;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7