[Python-checkins] cpython (2.7): Issue #25725: Fixed a reference leak in cPickle.loads() when unpickling

serhiy.storchaka python-checkins at python.org
Wed Nov 25 08:08:14 EST 2015 

https://hg.python.org/cpython/rev/9a4db1ac5e10
changeset:   99341:9a4db1ac5e10
branch:      2.7
parent:      99334:a365fb0dd5e1
user:        Serhiy Storchaka <storchaka at gmail.com>
date:        Wed Nov 25 15:07:49 2015 +0200
summary:
  Issue #25725: Fixed a reference leak in cPickle.loads() when unpickling
invalid data including tuple instructions.

files:
  Misc/NEWS         |   3 +++
  Modules/cPickle.c |  33 ++++++++++++---------------------
  2 files changed, 15 insertions(+), 21 deletions(-)


diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -13,6 +13,9 @@
 Library
 -------
 
+- Issue #25725: Fixed a reference leak in cPickle.loads() when unpickling
+  invalid data including tuple instructions.
+
 - Issue #25663: In the Readline completer, avoid listing duplicate global
   names, and search the global namespace before searching builtins.
 
diff --git a/Modules/cPickle.c b/Modules/cPickle.c
--- a/Modules/cPickle.c
+++ b/Modules/cPickle.c
@@ -3798,35 +3798,26 @@
 
 
 static int
-load_tuple(Unpicklerobject *self)
+load_counted_tuple(Unpicklerobject *self, int len)
 {
     PyObject *tup;
-    Py_ssize_t i;
-
-    if ((i = marker(self)) < 0) return -1;
-    if (!( tup=Pdata_popTuple(self->stack, i)))  return -1;
+
+    if (self->stack->length < len)
+        return stackUnderflow();
+
+    if (!(tup = Pdata_popTuple(self->stack, self->stack->length - len)))
+        return -1;
     PDATA_PUSH(self->stack, tup, -1);
     return 0;
 }
 
 static int
-load_counted_tuple(Unpicklerobject *self, int len)
+load_tuple(Unpicklerobject *self)
 {
-    PyObject *tup = PyTuple_New(len);
-
-    if (tup == NULL)
-        return -1;
-
-    while (--len >= 0) {
-        PyObject *element;
-
-        PDATA_POP(self->stack, element);
-        if (element == NULL)
-            return -1;
-        PyTuple_SET_ITEM(tup, len, element);
-    }
-    PDATA_PUSH(self->stack, tup, -1);
-    return 0;
+    Py_ssize_t i;
+
+    if ((i = marker(self)) < 0) return -1;
+    return load_counted_tuple(self, self->stack->length - i);
 }
 
 static int

-- 
Repository URL: https://hg.python.org/cpython

More information about the Python-checkins mailing list