diff --git a/Lib/test/test_random.py b/Lib/test/test_random.py
index e64804556db..4b5232fe21d 100644
--- a/Lib/test/test_random.py
+++ b/Lib/test/test_random.py
@@ -338,6 +338,11 @@ class MersenneTwister_TestBasicOps(TestBasicOps, unittest.TestCase):
 self.assertRaises(TypeError, self.gen.setstate, (2, ('a',)*625, None))
 # Last element s/b an int also
 self.assertRaises(TypeError, self.gen.setstate, (2, (0,)*624+('a',), None))
+ # Last element s/b between 0 and 624
+ with self.assertRaises((ValueError, OverflowError)):
+ self.gen.setstate((2, (1,)*624+(625,), None))
+ with self.assertRaises((ValueError, OverflowError)):
+ self.gen.setstate((2, (1,)*624+(-1,), None))
 # Little trick to make "tuple(x % (2**32) for x in internalstate)"
 # raise ValueError. I cannot think of a simple way to achieve this, so
diff --git a/Misc/NEWS b/Misc/NEWS
index d38c4146f5a..1a67632e918 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -66,6 +66,8 @@ Core and Builtins
 Library
 -------
+- Issue #24620: Random.setstate() now validates the value of state last element.
+
 - Issue #22153: Improve unittest docs. Patch from Martin Panter and evilzero.
 - Issue #24206: Fixed __eq__ and __ne__ methods of inspect classes.
diff --git a/Modules/_randommodule.c b/Modules/_randommodule.c
index 4377ee0cf4d..416e266f0bd 100644
--- a/Modules/_randommodule.c
+++ b/Modules/_randommodule.c
@@ -340,6 +340,10 @@ random_setstate(RandomObject *self, PyObject *state)
 index = PyLong_AsLong(PyTuple_GET_ITEM(state, i));
 if (index == -1 && PyErr_Occurred())
 return NULL;
+ if (index < 0 || index > N) {
+ PyErr_SetString(PyExc_ValueError, "invalid state");
+ return NULL;
+ }
 self->index = (int)index;
 Py_INCREF(Py_None);
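Review bot: In Lib/test/test_random.py the `-1` case probably never exercises the new `index < 0` branch, because the tuple is a version-2 state and the comment just below the added lines quotes the `x % (2**32)` conversion applied to such states. If that conversion also covers the last element, -1 reaches the C code as 4294967295, which would explain why `OverflowError` has to be accepted alongside `ValueError`. A state that bypasses the conversion is needed to cover a negative index, for example `with self.assertRaises(ValueError): self.gen.setstate((3, (1,)*624+(-1,), None))`, assuming version 3 is passed through unchanged. The test method begins and continues outside the hunk.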
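Review bot: In Modules/_randommodule.c the bound `index > N` deliberately lets `index == N` through, and nothing in the hunk says why; a comment such as `/* index == N is accepted on purpose; only values outside 0..N are rejected */` would keep a later reader from tightening it to `>=`. Placing the check before the `(int)index` cast is right, since a `long` outside the int range would otherwise be truncated before it is compared. The start of random_setstate is outside the hunk: if the key words are stored into `self->state` before this point, a rejected index leaves the object with new words and the old `self->index`, which is worth confirming.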