Mirror
/
cpython
mirror of https://github.com/python/cpython
4
1
Fork 0
Code Issues Releases Wiki Activity

Issue #7019: Unmarshalling of bad long data could produce unnormalized 

PyLongs.  Raise ValueError instead.
This commit is contained in:
Mark Dickinson 2009-09-29 19:01:06 +00:00
parent 13305f681b
commit 7e7a3ec901
3 changed files with 21 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Lib/test/test_marshal.py
View File

@ -262,6 +262,11 @@ class BugsTestCase(unittest.TestCase):
testString = 'abc' * size
marshal.dumps(testString)
def test_invalid_longs(self):
# Issue #7019: marshal.loads shouldn't produce unnormalized PyLongs
invalid_string = 'l\x02\x00\x00\x00\x00\x00\x00\x00'
self.assertRaises(ValueError, marshal.loads, invalid_string)
def test_main():
test_support.run_unittest(IntTestCase,

3
Misc/NEWS
View File

@ -12,6 +12,9 @@ What's New in Python 2.7 alpha 1
Core and Builtins
-----------------
- Issue #7019: Raise ValueError when unmarshalling bad long data, instead
of producing internally inconsistent Python longs.
- Issue #6990: Fix threading.local subclasses leaving old state around
after a reference cycle GC which could be recycled by new locals.

16
Python/marshal.c
View File

@ -556,7 +556,7 @@ static PyObject *
r_PyLong(RFILE *p)
{
PyLongObject *ob;
int size, i, j, md;
int size, i, j, md, shorts_in_top_digit;
long n;
digit d;
@ -569,7 +569,8 @@ r_PyLong(RFILE *p)
return NULL;
}
size = 1 + (ABS(n)-1) / PyLong_MARSHAL_RATIO;
size = 1 + (ABS(n) - 1) / PyLong_MARSHAL_RATIO;
shorts_in_top_digit = 1 + (ABS(n) - 1) % PyLong_MARSHAL_RATIO;
ob = _PyLong_New(size);
if (ob == NULL)
return NULL;
@ -586,12 +587,21 @@ r_PyLong(RFILE *p)
ob->ob_digit[i] = d;
}
d = 0;
for (j=0; j < (ABS(n)-1)%PyLong_MARSHAL_RATIO + 1; j++) {
for (j=0; j < shorts_in_top_digit; j++) {
md = r_short(p);
if (md < 0 || md > PyLong_MARSHAL_BASE)
goto bad_digit;
/* topmost marshal digit should be nonzero */
if (md == 0 && j == shorts_in_top_digit - 1) {
Py_DECREF(ob);
PyErr_SetString(PyExc_ValueError,
"bad marshal data (unnormalized long data)");
return NULL;
}
d += (digit)md << j*PyLong_MARSHAL_SHIFT;
}
/* top digit should be nonzero, else the resulting PyLong won't be
normalized */
ob->ob_digit[size-1] = d;
return (PyObject *)ob;
bad_digit: