prevent overflow in _Unpickler_Read

This commit is contained in:
Benjamin Peterson 2015-09-26 00:08:34 -07:00
parent 3be2e54adc
commit e48cf7e729
2 changed files with 8 additions and 0 deletions

View File

@ -81,6 +81,8 @@ Core and Builtins
Library
-------
- Prevent overflow in _Unpickler_Read.
- Issue #25047: The XML encoding declaration written by Element Tree now
respects the letter case given by the user. This restores the ability to
write encoding names in uppercase like "UTF-8", which worked in Python 2.

View File

@ -1182,6 +1182,12 @@ _Unpickler_Read(UnpicklerObject *self, char **s, Py_ssize_t n)
{
Py_ssize_t num_read;
if (self->next_read_idx > PY_SSIZE_T_MAX - n) {
PickleState *st = _Pickle_GetGlobalState();
PyErr_SetString(st->UnpicklingError,
"read would overflow (invalid bytecode)");
return -1;
}
if (self->next_read_idx + n <= self->input_len) {
*s = self->input_buffer + self->next_read_idx;
self->next_read_idx += n;