When unmarshalling, add test for negative lengths on strings, tuples

and lists; if the size is negative, raise an exception. Also raise an exception when an undefined type is found -- all this to increase the chance that garbage input causes an exception instead of a core dump.

When unmarshalling, add test for negative lengths on strings, tuples
and lists; if the size is negative, raise an exception. Also raise an exception when an undefined type is found -- all this to increase the chance that garbage input causes an exception instead of a core dump.
a45cb459 · Guido van Rossum · a63eff6e · a45cb459
Commit a45cb459 authored Jun 08, 1998 by Guido van Rossum
Show whitespace changes
Inline Side-by-side

Showing with 14 additions and 2 deletions

Python/marshal.c Python/marshal.c +14 -2

No files found.
--- a/Python/marshal.c
+++ b/Python/marshal.c
@@ -463,6 +463,10 @@ r_object(p)
 	case TYPE_STRING:
 		n = r_long(p);
+		if (n < 0) {
+			PyErr_SetString(PyExc_ValueError, "bad marshal data");
+			return NULL;
+		}
 		v = PyString_FromStringAndSize((char *)NULL, n);
 		if (v != NULL) {
 			if (r_string(PyString_AsString(v), (int)n, p) != n) {
@@ -476,6 +480,10 @@ r_object(p)
 	case TYPE_TUPLE:
 		n = r_long(p);
+		if (n < 0) {
+			PyErr_SetString(PyExc_ValueError, "bad marshal data");
+			return NULL;
+		}
 		v = PyTuple_New((int)n);
 		if (v == NULL)
 			return v;
@@ -492,6 +500,10 @@ r_object(p)
 	case TYPE_LIST:
 		n = r_long(p);
+		if (n < 0) {
+			PyErr_SetString(PyExc_ValueError, "bad marshal data");
+			return NULL;
+		}
 		v = PyList_New((int)n);
 		if (v == NULL)
 			return v;
@@ -571,8 +583,8 @@ r_object(p)
 	default:
 		/* Bogus data got written, which isn't ideal.
 		   This will let you keep working and recover. */
-		Py_INCREF(Py_None);
+		PyErr_SetString(PyExc_ValueError, "bad marshal data");
-		return Py_None;
+		return NULL;
 	}
 }