Issue #27056: Fix _Unpickler_Read() to avoid integer overflow
This commit is contained in:
parent
f4049ee170
commit
da23056a3e
|
@ -1244,7 +1244,7 @@ _Unpickler_ReadImpl(UnpicklerObject *self, char **s, Py_ssize_t n)
|
|||
Returns -1 (with an exception set) on failure. On success, return the
|
||||
number of chars read. */
|
||||
#define _Unpickler_Read(self, s, n) \
|
||||
(((self)->next_read_idx + (n) <= (self)->input_len) \
|
||||
(((n) <= (self)->input_len - (self)->next_read_idx) \
|
||||
? (*(s) = (self)->input_buffer + (self)->next_read_idx, \
|
||||
(self)->next_read_idx += (n), \
|
||||
(n)) \
|
||||
|
|
Loading…
Reference in New Issue