Fix bug in marshal where bad data would cause a segfault due to

lack of an infinite recursion check. Contributed by Damien Miller at Google.

Fix bug in marshal where bad data would cause a segfault due to
lack of an infinite recursion check. Contributed by Damien Miller at Google.
dc78cc6f · Neal Norwitz · 4043a6bb · dc78cc6f · dc78cc6f · dc78cc6f
Commit dc78cc6f authored May 16, 2007 by Neal Norwitz
Expand all Hide whitespace changes
Inline Side-by-side

Showing with 164 additions and 69 deletions

Lib/test/test_marshal.py Lib/test/test_marshal.py +4 -0

Misc/ACKS Misc/ACKS +1 -0

Misc/NEWS Misc/NEWS +3 -0

Python/marshal.c Python/marshal.c +156 -69

No files found.
--- a/Lib/test/test_marshal.py
+++ b/Lib/test/test_marshal.py
@@ -220,6 +220,10 @@ class BugsTestCase(unittest.TestCase):
            except Exception:
                pass

+    def test_recursion(self):
+        s = 'c' + ('X' * 4*4) + '{' * 2**20
+        self.assertRaises(ValueError, marshal.loads, s)
+
 def test_main():
    test_support.run_unittest(IntTestCase,
                              FloatTestCase,

--- a/Misc/ACKS
+++ b/Misc/ACKS
@@ -413,6 +413,7 @@ Dieter Maurer
 Greg McFarlane
 Michael McLay
 Gordon McMillan
+Damien Miller
 Jay T. Miller
 Chris McDonough
 Andrew McNamara

--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -12,6 +12,9 @@ What's New in Python 2.5.2c1?
 Library
 -------

+- Fix bug in marshal where bad data would cause a segfault due to
+  lack of an infinite recursion check.
+
 - HTML-escape the plain traceback in cgitb's HTML output, to prevent
  the traceback inadvertently or maliciously closing the comment and
  injecting HTML into the error page.

--- a/Python/marshal.c
+++ b/Python/marshal.c