prevent overflow in _Unpickler_Read
authorBenjamin Peterson <benjamin@python.org>
Sat, 26 Sep 2015 07:08:34 +0000 (00:08 -0700)
committerBenjamin Peterson <benjamin@python.org>
Sat, 26 Sep 2015 07:08:34 +0000 (00:08 -0700)
Misc/NEWS
Modules/_pickle.c

index fcf3d887fd212ad520509198922d73445fe1cec4..a4e5c47ab6f76ee19a49a299d184f40475900238 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -81,6 +81,8 @@ Core and Builtins
 Library
 -------
 
+- Prevent overflow in _Unpickler_Read.
+
 - Issue #25047: The XML encoding declaration written by Element Tree now
   respects the letter case given by the user. This restores the ability to
   write encoding names in uppercase like "UTF-8", which worked in Python 2.
index 9f16b4d081019a9078cbf641f20aab75ea043529..68d2a60774bf04e9452caaa2ee563bc9fb015801 100644 (file)
@@ -1182,6 +1182,12 @@ _Unpickler_Read(UnpicklerObject *self, char **s, Py_ssize_t n)
 {
     Py_ssize_t num_read;
 
+    if (self->next_read_idx > PY_SSIZE_T_MAX - n) {
+        PickleState *st = _Pickle_GetGlobalState();
+        PyErr_SetString(st->UnpicklingError,
+                        "read would overflow (invalid bytecode)");
+        return -1;
+    }
     if (self->next_read_idx + n <= self->input_len) {
         *s = self->input_buffer + self->next_read_idx;
         self->next_read_idx += n;
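Review bot: The new guard at the top of _Unpickler_Read is only sound when `n` is non-negative: for a negative `n`, `PY_SSIZE_T_MAX - n` is itself a signed overflow, and the following `self->next_read_idx + n <= self->input_len` branch would then move the read index backwards. The callers are outside this hunk, so it cannot be confirmed here that all of them reject negative sizes. Stating the precondition with `assert(n >= 0);` before the check, or folding it into the condition as `if (n < 0 || self->next_read_idx > PY_SSIZE_T_MAX - n)`, would make the function safe on its own. The changed-file list names only Misc/NEWS and Modules/_pickle.c, so a regression test that unpickles a stream declaring a length near PY_SSIZE_T_MAX and expects UnpicklingError would be worth adding with this fix. The function body continues past the end of the hunk.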