Issue #27056: Fix _Unpickler_Read() to avoid integer overflow

This commit is contained in:
Victor Stinner 2016-05-20 21:16:59 +02:00
parent f4049ee170
commit da23056a3e
1 changed files with 1 additions and 1 deletions

View File

@ -1244,7 +1244,7 @@ _Unpickler_ReadImpl(UnpicklerObject *self, char **s, Py_ssize_t n)
Returns -1 (with an exception set) on failure. On success, return the
number of chars read. */
#define _Unpickler_Read(self, s, n) \
(((self)->next_read_idx + (n) <= (self)->input_len) \
(((n) <= (self)->input_len - (self)->next_read_idx) \
? (*(s) = (self)->input_buffer + (self)->next_read_idx, \
(self)->next_read_idx += (n), \
(n)) \