[Python-checkins] [2.7] bpo-33720: Improve tests for the stack overflow in marshal.loads(). (GH-7336). (GH-8107)
Serhiy Storchaka
webhook-mailer at python.org
Thu Jul 5 05:20:22 EDT 2018
https://github.com/python/cpython/commit/9720f60f2aba457121bfe42d09aa3ed91f28b86f
commit: 9720f60f2aba457121bfe42d09aa3ed91f28b86f
branch: 2.7
author: Serhiy Storchaka <storchaka at gmail.com>
committer: GitHub <noreply at github.com>
date: 2018-07-05T12:20:19+03:00
summary:
[2.7] bpo-33720: Improve tests for the stack overflow in marshal.loads(). (GH-7336). (GH-8107)
(cherry picked from commit fc05e68d8fac70349b7ea17ec14e7e0cfa956121)
Co-authored-by: Serhiy Storchaka <storchaka at gmail.com>
files:
M Lib/test/test_marshal.py
diff --git a/Lib/test/test_marshal.py b/Lib/test/test_marshal.py
index 76d59bac392a..bbaa9442ab76 100644
--- a/Lib/test/test_marshal.py
+++ b/Lib/test/test_marshal.py
@@ -227,8 +227,22 @@ def test_fuzz(self):
pass
def test_loads_recursion(self):
- s = 'c' + ('X' * 4*4) + '{' * 2**20
- self.assertRaises(ValueError, marshal.loads, s)
+ def run_tests(N, check):
+ # (((...None...),),)
+ check(b'(\x01\x00\x00\x00' * N + b'N')
+ # [[[...None...]]]
+ check(b'[\x01\x00\x00\x00' * N + b'N')
+ # {None: {None: {None: ...None...}}}
+ check(b'{N' * N + b'N' + b'0' * N)
+ # frozenset([frozenset([frozenset([...None...])])])
+ check(b'>\x01\x00\x00\x00' * N + b'N')
+ # Check that the generated marshal data is valid and marshal.loads()
+ # works for moderately deep nesting
+ run_tests(100, marshal.loads)
+ # Very deeply nested structure shouldn't blow the stack
+ def check(s):
+ self.assertRaises(ValueError, marshal.loads, s)
+ run_tests(2**20, check)
def test_recursion_limit(self):
# Create a deeply nested structure.
More information about the Python-checkins
mailing list