[Python-checkins] cpython (3.4): Issue #25725: Fixed a reference leak in pickle.loads() when unpickling
serhiy.storchaka
python-checkins at python.org
Wed Nov 25 08:08:14 EST 2015
https://hg.python.org/cpython/rev/c85eca74f3a5
changeset: 99338:c85eca74f3a5
branch: 3.4
parent: 99335:01998efb605a
user: Serhiy Storchaka <storchaka at gmail.com>
date: Wed Nov 25 15:01:53 2015 +0200
summary:
Issue #25725: Fixed a reference leak in pickle.loads() when unpickling
invalid data including tuple instructions.
files:
Misc/NEWS | 3 ++
Modules/_pickle.c | 39 ++++++++++++----------------------
2 files changed, 17 insertions(+), 25 deletions(-)
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -106,6 +106,9 @@
Library
-------
+- Issue #25725: Fixed a reference leak in pickle.loads() when unpickling
+ invalid data including tuple instructions.
+
- Issue #25663: In the Readline completer, avoid listing duplicate global
names, and search the global namespace before searching builtins.
diff --git a/Modules/_pickle.c b/Modules/_pickle.c
--- a/Modules/_pickle.c
+++ b/Modules/_pickle.c
@@ -4915,15 +4915,14 @@
}
static int
-load_tuple(UnpicklerObject *self)
+load_counted_tuple(UnpicklerObject *self, int len)
{
PyObject *tuple;
- Py_ssize_t i;
-
- if ((i = marker(self)) < 0)
- return -1;
-
- tuple = Pdata_poptuple(self->stack, i);
+
+ if (Py_SIZE(self->stack) < len)
+ return stack_underflow();
+
+ tuple = Pdata_poptuple(self->stack, Py_SIZE(self->stack) - len);
if (tuple == NULL)
return -1;
PDATA_PUSH(self->stack, tuple, -1);
@@ -4931,24 +4930,14 @@
}
static int
-load_counted_tuple(UnpicklerObject *self, int len)
-{
- PyObject *tuple;
-
- tuple = PyTuple_New(len);
- if (tuple == NULL)
- return -1;
-
- while (--len >= 0) {
- PyObject *item;
-
- PDATA_POP(self->stack, item);
- if (item == NULL)
- return -1;
- PyTuple_SET_ITEM(tuple, len, item);
- }
- PDATA_PUSH(self->stack, tuple, -1);
- return 0;
+load_tuple(UnpicklerObject *self)
+{
+ Py_ssize_t i;
+
+ if ((i = marker(self)) < 0)
+ return -1;
+
+ return load_counted_tuple(self, Py_SIZE(self->stack) - i);
}
static int
--
Repository URL: https://hg.python.org/cpython
More information about the Python-checkins
mailing list