[Python-checkins] cpython (2.7): Issue #17710: Fix cPickle raising a SystemError on bogus input.

antoine.pitrou python-checkins at python.org
Mon Apr 15 21:35:35 CEST 2013


http://hg.python.org/cpython/rev/527b7f88b53c
changeset:   83399:527b7f88b53c
branch:      2.7
user:        Antoine Pitrou <solipsis at pitrou.net>
date:        Mon Apr 15 21:35:25 2013 +0200
summary:
  Issue #17710: Fix cPickle raising a SystemError on bogus input.

files:
  Lib/pickle.py            |   2 +-
  Lib/test/pickletester.py |   2 ++
  Misc/NEWS                |   2 ++
  Modules/cPickle.c        |  10 ++++++----
  4 files changed, 11 insertions(+), 5 deletions(-)


diff --git a/Lib/pickle.py b/Lib/pickle.py
--- a/Lib/pickle.py
+++ b/Lib/pickle.py
@@ -962,7 +962,7 @@
         rep = self.readline()[:-1]
         for q in "\"'": # double or single quote
             if rep.startswith(q):
-                if not rep.endswith(q):
+                if len(rep) < 2 or not rep.endswith(q):
                     raise ValueError, "insecure string pickle"
                 rep = rep[len(q):-len(q)]
                 break
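Review bot: The new `len(rep) < 2` test carries no comment, and the reason for it is not obvious from `endswith` alone. A one-character `rep` that is just the quote satisfies both `startswith(q)` and `endswith(q)`, so the slice on the next line would turn it into an empty string instead of rejecting it. I would add `# a lone quote is both prefix and suffix; require a distinct closing quote` above the check. Despite the wording of the error message, this check only validates the quoting of the string argument and does not make unpickling untrusted data safe. The enclosing method starts and ends outside the hunk.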
diff --git a/Lib/test/pickletester.py b/Lib/test/pickletester.py
--- a/Lib/test/pickletester.py
+++ b/Lib/test/pickletester.py
@@ -538,6 +538,8 @@
                     "'abc\"", # open quote and close quote don't match
                     "'abc'   ?", # junk after close quote
                     "'\\'", # trailing backslash
+                    "'",    # issue #17710
+                    "' ",   # issue #17710
                     # some tests of the quoting rules
                     #"'abc\"\''",
                     #"'\\\\a\'\'\'\\\'\\\\\''",
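Review bot: The two added cases exercise only the single-quote form, while the cPickle.c change in this commit guards the double-quote and single-quote branches separately with `len > 1`. A regression in the double-quote branch would go unnoticed, so I would add the mirrored inputs `"\"",    # issue #17710` and `"\" ",   # issue #17710`. The list these entries belong to, and the test that consumes it, are outside the hunk, so it is assumed each entry is fed to both pickle and cPickle.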
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -28,6 +28,8 @@
 Library
 -------
 
+- Issue #17710: Fix cPickle raising a SystemError on bogus input.
+
 - Issue #17341: Include the invalid name in the error messages from re about
   invalid group names.
 
diff --git a/Modules/cPickle.c b/Modules/cPickle.c
--- a/Modules/cPickle.c
+++ b/Modules/cPickle.c
@@ -3643,17 +3643,19 @@
 
 
     /* Strip outermost quotes */
-    while (s[len-1] <= ' ')
+    while (len > 0 && s[len-1] <= ' ')
         len--;
-    if(s[0]=='"' && s[len-1]=='"'){
+    if (len > 1 && s[0]=='"' && s[len-1]=='"') {
         s[len-1] = '\0';
         p = s + 1 ;
         len -= 2;
-    } else if(s[0]=='\'' && s[len-1]=='\''){
+    }
+    else if (len > 1 && s[0]=='\'' && s[len-1]=='\'') {
         s[len-1] = '\0';
         p = s + 1 ;
         len -= 2;
-    } else
+    }
+    else
         goto insecure;
     /********************************************/
 
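Review bot: The trailing-strip loop still compares `s[len-1] <= ' '` on what is presumably a plain `char` (the declaration of `s` is outside the hunk). On platforms where `char` is signed, bytes with the high bit set compare as negative and are stripped as if they were whitespace. The C unpickler would then tolerate trailing bytes that the `endswith` check in Lib/pickle.py rejects. An explicit cast removes the ambiguity: `while (len > 0 && (unsigned char)s[len-1] <= ' ')`. A short comment on the two `len > 1` guards would also help, for example `/* a lone quote is both s[0] and s[len-1]; len -= 2 would go negative */`.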

-- 
Repository URL: http://hg.python.org/cpython

