[Python-3000-checkins] r67187 - in python/branches/py3k: Lib/test/pickletester.py Misc/NEWS Modules/_pickle.c

amaury.forgeotdarc python-3000-checkins at python.org
Tue Nov 11 21:05:07 CET 2008


Author: amaury.forgeotdarc
Date: Tue Nov 11 21:05:06 2008
New Revision: 67187

Log:
#4298: pickle.load() can segfault on invalid or truncated input.

Patch and test by Hirokazu Yamamoto.


Modified:
   python/branches/py3k/Lib/test/pickletester.py
   python/branches/py3k/Misc/NEWS
   python/branches/py3k/Modules/_pickle.c

Modified: python/branches/py3k/Lib/test/pickletester.py
==============================================================================
--- python/branches/py3k/Lib/test/pickletester.py	(original)
+++ python/branches/py3k/Lib/test/pickletester.py	Tue Nov 11 21:05:06 2008
@@ -1032,6 +1032,11 @@
         self.assertRaises(pickle.PicklingError, BadPickler().dump, 0)
         self.assertRaises(pickle.UnpicklingError, BadUnpickler().load)
 
+    def test_bad_input(self):
+        # Test issue4298
+        s = bytes([0x58, 0, 0, 0, 0x54])
+        self.assertRaises(EOFError, pickle.loads, s)
+
 
 class AbstractPersistentPicklerTests(unittest.TestCase):
 
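Review bot: test_bad_input exercises only pickle.loads, while the log message describes the crash in pickle.load(), and the byte string is unexplained beyond the issue number. Consider adding a case that goes through pickle.load with an io.BytesIO stream, and a comment stating that 0x58 is the BINUNICODE opcode followed by a 4-byte length with no payload after it, so the reader can see why EOFError is the expected result.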

Modified: python/branches/py3k/Misc/NEWS
==============================================================================
--- python/branches/py3k/Misc/NEWS	(original)
+++ python/branches/py3k/Misc/NEWS	Tue Nov 11 21:05:06 2008
@@ -16,7 +16,9 @@
 Library
 -------
 
-- Issue #4283: fix a left-over "iteritems" call in distutils.
+- Issue #4298: Fix a segfault when pickle.loads is passed a ill-formed input.
+
+- Issue #4283: Fix a left-over "iteritems" call in distutils.
 
 Build
 -----
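Review bot: The new entry reads "a ill-formed input", which should be "an ill-formed input" or simply "ill-formed input". It also names pickle.loads where the log message names pickle.load(), so it would help to mention both. The capitalization change to the Issue #4283 entry is unrelated to this fix and would be cleaner as a separate change.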

Modified: python/branches/py3k/Modules/_pickle.c
==============================================================================
--- python/branches/py3k/Modules/_pickle.c	(original)
+++ python/branches/py3k/Modules/_pickle.c	Tue Nov 11 21:05:06 2008
@@ -489,6 +489,11 @@
         return -1;
     }
 
+    if (PyBytes_GET_SIZE(data) != n) {
+        PyErr_SetNone(PyExc_EOFError);
+        return -1;
+    }
+
     Py_XDECREF(self->last_string);
     self->last_string = data;
 
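Review bot: The new early return after the PyBytes_GET_SIZE(data) != n check does not release data. The lines that follow store data in self->last_string, so the success path takes ownership, but on the short-read path nothing in the visible lines drops the reference. If data is an owned reference at this point, add Py_DECREF(data) before return -1. Separately, the != comparison raises EOFError when the underlying read returns more than n bytes as well as fewer; if only truncation is meant, a brief comment on why an over-long read is treated the same way would help.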

