prevent overflow in _Unpickler_Read
This commit is contained in:
parent
3be2e54adc
commit
e48cf7e729
|
@ -81,6 +81,8 @@ Core and Builtins
|
|||
Library
|
||||
-------
|
||||
|
||||
- Prevent overflow in _Unpickler_Read.
|
||||
|
||||
- Issue #25047: The XML encoding declaration written by Element Tree now
|
||||
respects the letter case given by the user. This restores the ability to
|
||||
write encoding names in uppercase like "UTF-8", which worked in Python 2.
|
||||
|
|
|
@ -1182,6 +1182,12 @@ _Unpickler_Read(UnpicklerObject *self, char **s, Py_ssize_t n)
|
|||
{
|
||||
Py_ssize_t num_read;
|
||||
|
||||
if (self->next_read_idx > PY_SSIZE_T_MAX - n) {
|
||||
PickleState *st = _Pickle_GetGlobalState();
|
||||
PyErr_SetString(st->UnpicklingError,
|
||||
"read would overflow (invalid bytecode)");
|
||||
return -1;
|
||||
}
|
||||
if (self->next_read_idx + n <= self->input_len) {
|
||||
*s = self->input_buffer + self->next_read_idx;
|
||||
self->next_read_idx += n;
|
||||
|
|
Loading…
Reference in New Issue