[Python-checkins] cpython (3.4): prevent overflow in _Unpickler_Read
benjamin.peterson
python-checkins at python.org
Sat Sep 26 09:10:18 CEST 2015
https://hg.python.org/cpython/rev/88d98f6c2d7d
changeset: 98275:88d98f6c2d7d
branch: 3.4
parent: 98270:e494316a9291
user: Benjamin Peterson <benjamin at python.org>
date: Sat Sep 26 00:08:34 2015 -0700
summary:
prevent overflow in _Unpickler_Read
files:
Misc/NEWS | 2 ++
Modules/_pickle.c | 6 ++++++
2 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -81,6 +81,8 @@
Library
-------
+- Prevent overflow in _Unpickler_Read.
+
- Issue #25047: The XML encoding declaration written by Element Tree now
respects the letter case given by the user. This restores the ability to
write encoding names in uppercase like "UTF-8", which worked in Python 2.
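Review bot: The added entry at the top of the Library section names only the internal C function and carries no issue reference, unlike the "Issue #25047" entry directly below it. A reader of NEWS cannot tell from "_Unpickler_Read" that this concerns the pickle module or what changes for them. Consider wording the entry around the visible effect (unpickling data whose read would overflow now raises UnpicklingError, per the message added in Modules/_pickle.c) and adding the tracker issue number if one exists.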
diff --git a/Modules/_pickle.c b/Modules/_pickle.c
--- a/Modules/_pickle.c
+++ b/Modules/_pickle.c
@@ -1182,6 +1182,12 @@
{
Py_ssize_t num_read;
+ if (self->next_read_idx > PY_SSIZE_T_MAX - n) {
+ PickleState *st = _Pickle_GetGlobalState();
+ PyErr_SetString(st->UnpicklingError,
+ "read would overflow (invalid bytecode)");
+ return -1;
+ }
if (self->next_read_idx + n <= self->input_len) {
*s = self->input_buffer + self->next_read_idx;
self->next_read_idx += n;
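Review bot: The new guard `self->next_read_idx > PY_SSIZE_T_MAX - n` is only sound when n is non-negative, and nothing in the hunk checks the sign of n before the subtraction. If n is a signed Py_ssize_t like num_read, a negative value makes PY_SSIZE_T_MAX - n the very overflow this check is meant to prevent. Either reject n < 0 ahead of the guard or assert it with a comment stating the invariant that callers guarantee. Separately, the diffstat lists only Misc/NEWS and Modules/_pickle.c, so the change ships without a regression test; a case that feeds a stream declaring an oversized read length and expects UnpicklingError with "read would overflow (invalid bytecode)" would pin the behaviour down.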
--
Repository URL: https://hg.python.org/cpython