#6553: crash in cPickle.load(), when given a StringIO with incomplete data.

Will backport to 2.6, 3.x already fixed a similar issue with issue4298.

Lib/test/pickletester.py

@@ -1,6 +1,7 @@
 import unittest
 import pickle
 import cPickle
+import StringIO
 import cStringIO
 import pickletools
 import copy_reg
@@ -1086,6 +1087,10 @@ class AbstractPickleModuleTests(unittest.TestCase):
         self.module.Pickler(f, -1)
         self.module.Pickler(f, protocol=-1)
 
+    def test_incomplete_input(self):
+        s = StringIO.StringIO("X''.")
+        self.assertRaises(EOFError, self.module.load, s)
+
 class AbstractPersistentPicklerTests(unittest.TestCase):
 
     # This class defines persistent_id() and persistent_load()

Misc/NEWS

@@ -351,7 +351,10 @@ Core and Builtins
 Library
 -------
 
-- Issue #6545: Removed assert statements in distutils.Extension, so the 
+- Issue #6553: Fixed a crash in cPickle.load(), when given a file-like object
+  containing incomplete data.
+
+- Issue #6545: Removed assert statements in distutils.Extension, so the
   behavior is similar when used with -O.
 
 - unittest has been split up into a package.  All old names should still work.
@@ -360,7 +363,7 @@ Library
   know how to handle a comparison without loss of precision.  Also add
   correct handling of infinities and nans for comparisons with float.
 
-- Issue #6415: Fixed warnings.warn sagfault on bad formatted string.
+- Issue #6415: Fixed warnings.warn segfault on bad formatted string.
 
 - Issue #6466: now distutils.cygwinccompiler and distutils.emxccompiler
   uses the same refactored function to get gcc/ld/dllwrap versions numbers.

Modules/cPickle.c

@@ -663,6 +663,12 @@ read_other(Unpicklerobject *self, char **s, Py_ssize_t  n)
 	self->last_string = str;
 
 	if (! (*s = PyString_AsString(str))) return -1;
+
+	if (PyString_GET_SIZE(str) != n) {
+		PyErr_SetNone(PyExc_EOFError);
+		return -1;
+	}
+
 	return n;
 }