This commit is contained in:
Benjamin Peterson 2015-07-02 16:19:05 -05:00
commit 09dd773c13
3 changed files with 15 additions and 1 deletions

View File

@ -1039,6 +1039,18 @@ class AbstractPickleTests(unittest.TestCase):
self.assertEqual(B(x), B(y), detail)
self.assertEqual(x.__dict__, y.__dict__, detail)
def test_newobj_not_class(self):
# Issue 24552
global SimpleNewObj
save = SimpleNewObj
o = object.__new__(SimpleNewObj)
b = self.dumps(o, 4)
try:
SimpleNewObj = 42
self.assertRaises((TypeError, pickle.UnpicklingError), self.loads, b)
finally:
SimpleNewObj = save
# Register a type with copyreg, with extension code extcode. Pickle
# an object of that type. Check that the resulting pickle uses opcode
# (EXT[124]) under proto 2, and not in proto 1.

View File

@ -52,6 +52,8 @@ Core and Builtins
Library
-------
- Issue #24552: Fix use after free in an error case of the _pickle module.
- Issue #24514: tarfile now tolerates number fields consisting of only
whitespace.

View File

@ -5279,10 +5279,10 @@ load_newobj_ex(UnpicklerObject *self)
if (!PyType_Check(cls)) {
Py_DECREF(kwargs);
Py_DECREF(args);
Py_DECREF(cls);
PyErr_Format(st->UnpicklingError,
"NEWOBJ_EX class argument must be a type, not %.200s",
Py_TYPE(cls)->tp_name);
Py_DECREF(cls);
return -1;
}