diff --git a/Lib/pickle.py b/Lib/pickle.py
index 998fce0a6bb..a4acbe941e0 100644
--- a/Lib/pickle.py
+++ b/Lib/pickle.py
@@ -903,7 +903,7 @@ class _Unpickler:
 orig = self.readline()
 rep = orig[:-1]
 # Strip outermost quotes
- if rep[0] == rep[-1] and rep[0] in b'"\'':
+ if len(rep) >= 2 and rep[0] == rep[-1] and rep[0] in b'"\'':
 rep = rep[1:-1]
 else:
 raise ValueError("insecure string pickle")
diff --git a/Lib/test/pickletester.py b/Lib/test/pickletester.py
index 5d12375267b..a72ab377c01 100644
--- a/Lib/test/pickletester.py
+++ b/Lib/test/pickletester.py
@@ -609,6 +609,14 @@ class AbstractPickleTests(unittest.TestCase):
 b"'abc\"", # open quote and close quote don't match
 b"'abc' ?", # junk after close quote
 b"'\\'", # trailing backslash
+ # Variations on issue #17710
+ b"'",
+ b'"',
+ b"' ",
+ b"' ",
+ b"' ",
+ b"' ",
+ b'" ',
 # some tests of the quoting rules
 ## b"'abc\"\''",
 ## b"'\\\\a\'\'\'\\\'\\\\\''",
diff --git a/Misc/NEWS b/Misc/NEWS
index 5852ff2ecdd..6393f6cc7a1 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -42,6 +42,8 @@ Core and Builtins Library ------- +- Issue #17710: Fix pickle raising a SystemError on bogus input. + - Issue #17341: Include the invalid name in the error messages from re about invalid group names.
diff --git a/Modules/_pickle.c b/Modules/_pickle.c
index 146dccca443..2c83185dde9 100644
--- a/Modules/_pickle.c
+++ b/Modules/_pickle.c
@@ -4205,7 +4205,7 @@ load_string(UnpicklerObject *self)
 if ((len = _Unpickler_Readline(self, &s)) < 0)
 return -1;
- if (len < 3)
+ if (len < 2)
 return bad_readline();
 if ((s = strdup(s)) == NULL) {
 PyErr_NoMemory();
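Review bot: In Lib/pickle.py the new `len(rep) >= 2` guard has no comment, and the two cases it closes are easy to miss when reading the condition. An empty `rep` would raise IndexError at `rep[0]`, and a lone quote byte equals itself at `rep[0]` and `rep[-1]`, so it would be stripped to an empty string and accepted rather than rejected. I would record that above the condition, e.g. `# Need two bytes: a lone quote must not serve as both opening and closing quote (issue #17710)`. The method body starts and ends outside the hunk.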
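Review bot: In the first Modules/_pickle.c hunk, `len` is the length reported by `_Unpickler_Readline`, but every later index is applied to the `strdup(s)` copy, which ends at the first NUL byte. If a line can contain an embedded NUL (the reader is not visible here, so this is unconfirmed), the copy is shorter than `len` and `s[len - 1]` in the following hunk reads past the allocation. Relaxing the guard to `len < 2` does not touch that path. Rejecting such a line before the copy would close it, e.g. `if (memchr(s, '\0', len) != NULL) return bad_readline();`, or the copy could be made by length instead of with `strdup`. The body of load_string starts and ends outside the hunk.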
@@ -4213,14 +4213,14 @@ load_string(UnpicklerObject *self)
 }
 /* Strip outermost quotes */
- while (s[len - 1] <= ' ')
+ while (len > 0 && s[len - 1] <= ' ')
 len--;
- if (s[0] == '"' && s[len - 1] == '"') {
+ if (len > 1 && s[0] == '"' && s[len - 1] == '"') {
 s[len - 1] = '\0';
 p = s + 1;
 len -= 2;
 }
- else if (s[0] == '\'' && s[len - 1] == '\'') {
+ else if (len > 1 && s[0] == '\'' && s[len - 1] == '\'') {
 s[len - 1] = '\0';
 p = s + 1;
 len -= 2;
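Review bot: The trailing-whitespace test `s[len - 1] <= ' '` in the new `while` condition appears to compare a plain `char` (the declaration of `s` is outside the hunk). Where `char` is signed, every byte at or above 0x80 is negative, so it is stripped as if it were whitespace before the closing quote is checked. Non-whitespace bytes after the closing quote would then be accepted here, while the Python implementation in this commit rejects them with "insecure string pickle". An unsigned comparison keeps the two in step: `while (len > 0 && (unsigned char)s[len - 1] <= ' ')`. The body of load_string starts and ends outside the hunk.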