Issue #3657: Fix uninitialized memory read when pickling longs.

The conversion to the unicode API was incorrect, it should use bytes.
repr is a bad variable name.  The use is overloaded, but I'll leave
that to fix later.

R=Brett
TESTED=./python -E -tt ./Lib/test/regrtest.py -uall
	valgrind -q --leak-check=yes --suppressions=Misc/valgrind-python.supp \
		./python -E -tt ./Lib/test/regrtest.py test_pickletools

diff --git a/Misc/NEWS b/Misc/NEWS
index b846d8fb54f12d40b90928d3471a40948f07a5fe..8594c99e6f5b40cf0fc4845c90e0c16d4969721c 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -12,6 +12,9 @@ What's New in Python 3.0 release candidate 1
 Core and Builtins
 -----------------
 
+- Issue #3657: Fix uninitialized memory read when pickling longs.
+  Found by valgrind.
+
 - Apply security patches from Apple.
 
 - Fix crashes on memory allocation failure found with failmalloc.

diff --git a/Modules/_pickle.c b/Modules/_pickle.c
index 52fa15694cd6e31712fbc29d2a7eb535ff4715d7..ea5bbe2759aa9a0e7945df6534109c3c565a854e 100644 (file)
--- a/Modules/_pickle.c
+++ b/Modules/_pickle.c
@@ -924,10 +924,10 @@ save_long(PicklerObject *self, PyObject *obj)
                             "long too large to pickle");
             goto error;
         }
-        repr = PyUnicode_FromStringAndSize(NULL, (int)nbytes);
+        repr = PyBytes_FromStringAndSize(NULL, (Py_ssize_t)nbytes);
         if (repr == NULL)
             goto error;
-        pdata = (unsigned char *)_PyUnicode_AsString(repr);
+        pdata = (unsigned char *)PyBytes_AS_STRING(repr);
         i = _PyLong_AsByteArray((PyLongObject *)obj,
                                 pdata, nbytes,
                                 1 /* little endian */ , 1 /* signed */ );