From: Neal Norwitz Date: Sun, 24 Aug 2008 23:50:08 +0000 (+0000) Subject: Issue #3657: Fix uninitialized memory read when pickling longs. X-Git-Tag: v3.0rc1~174 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6ae2eb268d55854eafe36fa707ffed980a277d06;p=python Issue #3657: Fix uninitialized memory read when pickling longs. The conversion to the unicode API was incorrect, it should use bytes. repr is a bad variable name. The use is overloaded, but I'll leave that to fix later. R=Brett TESTED=./python -E -tt ./Lib/test/regrtest.py -uall valgrind -q --leak-check=yes --suppressions=Misc/valgrind-python.supp \ ./python -E -tt ./Lib/test/regrtest.py test_pickletools --- diff --git a/Misc/NEWS b/Misc/NEWS index b846d8fb54..8594c99e6f 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -12,6 +12,9 @@ What's New in Python 3.0 release candidate 1 Core and Builtins ----------------- +- Issue #3657: Fix uninitialized memory read when pickling longs. + Found by valgrind. + - Apply security patches from Apple. - Fix crashes on memory allocation failure found with failmalloc. diff --git a/Modules/_pickle.c b/Modules/_pickle.c index 52fa15694c..ea5bbe2759 100644 --- a/Modules/_pickle.c +++ b/Modules/_pickle.c @@ -924,10 +924,10 @@ save_long(PicklerObject *self, PyObject *obj) "long too large to pickle"); goto error; } - repr = PyUnicode_FromStringAndSize(NULL, (int)nbytes); + repr = PyBytes_FromStringAndSize(NULL, (Py_ssize_t)nbytes); if (repr == NULL) goto error; - pdata = (unsigned char *)_PyUnicode_AsString(repr); + pdata = (unsigned char *)PyBytes_AS_STRING(repr); i = _PyLong_AsByteArray((PyLongObject *)obj, pdata, nbytes, 1 /* little endian */ , 1 /* signed */ );
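Review bot: In the save_long hunk of Modules/_pickle.c, the buffer from PyBytes_FromStringAndSize(NULL, (Py_ssize_t)nbytes) holds uninitialized bytes until _PyLong_AsByteArray fills it, and the visible context ends at the assignment to i, so please confirm that a negative i takes the error path before pdata is read or written to the pickle stream. The cast changes from (int) to (Py_ssize_t), which matches the size parameter, but it is only safe because of the "long too large to pickle" bound checked just above; a one-line comment at the allocation stating that bound would keep a later edit from moving the check. The variable is still named repr although it now holds a bytes object, which the commit message acknowledges; renaming it, or adding a comment at its declaration, would make it harder to reintroduce a unicode accessor on it. The patch also carries no regression test, and the TESTED line relies on a valgrind run of test_pickletools, so noting in the test suite or the NEWS entry which pickle path exercises this would help anyone re-verifying the fix.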