From 901d81e6724f7685199e669b808fce57a6123d87 Mon Sep 17 00:00:00 2001 From: Antoine Pitrou Date: Thu, 7 Jan 2010 18:02:53 +0000 Subject: [PATCH] Merged revisions 77355 via svnmerge from svn+ssh://pythondev@svn.python.org/python/branches/py3k ................ r77355 | antoine.pitrou | 2010-01-07 18:57:31 +0100 (jeu., 07 janv. 2010) | 18 lines Merged revisions 77352-77354 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk ........ r77352 | antoine.pitrou | 2010-01-07 18:46:49 +0100 (jeu., 07 janv. 2010) | 5 lines Issue #7455: Fix possible crash in cPickle on invalid input. Patch by Florent Xicluna. ........ r77353 | antoine.pitrou | 2010-01-07 18:49:37 +0100 (jeu., 07 janv. 2010) | 3 lines Fix attribution. Florent actually repackaged and reviewed Victor's patch (sorry!). ........ r77354 | antoine.pitrou | 2010-01-07 18:54:10 +0100 (jeu., 07 janv. 2010) | 3 lines Fix reattribution mistake when fixing attribution mistake! ........ ................ --- Lib/test/pickletester.py | 3 +++ Misc/NEWS | 3 +++ Modules/_pickle.c | 2 +- 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/Lib/test/pickletester.py b/Lib/test/pickletester.py index 19704ae7ced..7ecc1053d73 100644 --- a/Lib/test/pickletester.py +++ b/Lib/test/pickletester.py @@ -1142,6 +1142,9 @@ class AbstractPickleModuleTests(unittest.TestCase): # Test issue4298 s = bytes([0x58, 0, 0, 0, 0x54]) self.assertRaises(EOFError, pickle.loads, s) + # Test issue7455 + s = b'0' + self.assertRaises(pickle.UnpicklingError, pickle.loads, s) class AbstractPersistentPicklerTests(unittest.TestCase): diff --git a/Misc/NEWS b/Misc/NEWS index ec4fa86eece..eaef3117c3a 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -61,6 +61,9 @@ Core and Builtins Library ------- +- Issue #7455: Fix possible crash in cPickle on invalid input. Patch by + Victor Stinner. + - Issue #6511: ZipFile now raises BadZipfile (instead of an IOError) when opening an empty or very small file. diff --git a/Modules/_pickle.c b/Modules/_pickle.c index 0e6df34bf10..29aed7adb3b 100644 --- a/Modules/_pickle.c +++ b/Modules/_pickle.c @@ -3729,7 +3729,7 @@ load_pop(UnpicklerObject *self) */ if (self->num_marks > 0 && self->marks[self->num_marks - 1] == len) { self->num_marks--; - } else if (len >= 0) { + } else if (len > 0) { len--; Py_DECREF(self->stack->data[len]); self->stack->length = len;