Issue #7019: An attempt to unmarshal bad long data could produce

unnormalized PyLong objects; make it raise ValueError instead.

diff --git a/Lib/test/test_marshal.py b/Lib/test/test_marshal.py
index 943aa55b39a8aeddd69f4d0a4cb868aef62c1678..0dd59d1f949e9e0dde489bfab6f5ba77498164e5 100644 (file)
--- a/Lib/test/test_marshal.py
+++ b/Lib/test/test_marshal.py
@@ -262,6 +262,11 @@ class BugsTestCase(unittest.TestCase):
         testString = 'abc' * size
         marshal.dumps(testString)
 
+    def test_invalid_longs(self):
+        # Issue #7019: marshal.loads shouldn't produce unnormalized PyLongs
+        invalid_string = 'l\x02\x00\x00\x00\x00\x00\x00\x00'
+        self.assertRaises(ValueError, marshal.loads, invalid_string)
+
 
 def test_main():
     test_support.run_unittest(IntTestCase,

diff --git a/Misc/NEWS b/Misc/NEWS
index 90b59a78a7486e1eb1844c7b54c36e66d9366e86..ab14d9daebb38c207976a3787abce7cf8cd46ac0 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -12,6 +12,9 @@ What's New in Python 2.6.4a1?
 Core and Builtins
 -----------------
 
+- Issue #7019: Raise ValueError when unmarshalling bad long data, instead
+  of producing internally inconsistent Python longs.
+
 Library
 -------
 

diff --git a/Python/marshal.c b/Python/marshal.c
index 52d22573d3de7ddd3dd5e5689fe1cee34e3f7e0a..a4c831f261584d39e47b55458dc76e1d46a4c379 100644 (file)
--- a/Python/marshal.c
+++ b/Python/marshal.c
@@ -589,7 +589,8 @@ r_object(RFILE *p)
                        ob->ob_size = n;
                        for (i = 0; i < size; i++) {
                                int digit = r_short(p);
-                               if (digit < 0) {
+                               if (digit < 0 ||
+                                   (digit == 0 && i == size-1)) {
                                        Py_DECREF(ob);
                                        PyErr_SetString(PyExc_ValueError,
                                                        "bad marshal data");