Issue #7455: Fix possible crash in cPickle on invalid input. Patch by

Florent Xicluna.

diff --git a/Lib/test/pickletester.py b/Lib/test/pickletester.py
index 04bb84233ea76a2c26872fbbcde9473d3e37a21a..0bdcc1079f9021e73d14c903257f561baae30e39 100644 (file)
--- a/Lib/test/pickletester.py
+++ b/Lib/test/pickletester.py
@@ -1100,6 +1100,15 @@ class AbstractPickleModuleTests(unittest.TestCase):
         exec teststr in {'__builtins__': builtins}, d
         d['f']()
 
+    def test_bad_input(self):
+        # Test issue4298
+        s = '\x58\0\0\0\x54'
+        self.assertRaises(EOFError, self.module.loads, s)
+        # Test issue7455
+        s = '0'
+        # XXX Why doesn't pickle raise UnpicklingError?
+        self.assertRaises((IndexError, cPickle.UnpicklingError),
+                          self.module.loads, s)
 
 class AbstractPersistentPicklerTests(unittest.TestCase):
 

diff --git a/Misc/NEWS b/Misc/NEWS
index 274b150b272c9a3fcaea1ec681668ddbab870bb0..199680e915c2ab051c3dc020fb3bc9f1975c6c92 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -65,6 +65,9 @@ Core and Builtins
 Library
 -------
 
+- Issue #7455: Fix possible crash in cPickle on invalid input.  Patch by
+  Florent Xicluna.
+
 - Issue #7092: Fix the DeprecationWarnings emitted by the standard library
   when using the -3 flag.  Patch by Florent Xicluna.
 

diff --git a/Modules/cPickle.c b/Modules/cPickle.c
index f97959b2b5c7ac1361fa14b04f587cb006b2225c..7fa7f703d72c8e3d0da64f79d6f8bac39e6ef451 100644 (file)
--- a/Modules/cPickle.c
+++ b/Modules/cPickle.c
@@ -4117,7 +4117,7 @@ load_pop(Unpicklerobject *self)
        */
        if (self->num_marks > 0 && self->marks[self->num_marks - 1] == len) {
                self->num_marks--;
-       } else if (len >= 0) {
+       } else if (len > 0) {
                len--;
                Py_DECREF(self->stack->data[len]);
                self->stack->length = len;