From: Mark Dickinson <dickinsm@gmail.com>
Date: Sat, 3 Oct 2009 08:15:49 +0000 (+0000)
Subject: Issue #7019: An attempt to unmarshal bad long data could produce
X-Git-Tag: v2.6.4rc1~15
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c3a12775e26f8c8f4148cb247dc88bc38f05dc58;p=python

Issue #7019: An attempt to unmarshal bad long data could produce
unnormalized PyLong objects; make it raise ValueError instead.
---

diff --git a/Lib/test/test_marshal.py b/Lib/test/test_marshal.py
index 943aa55b39..0dd59d1f94 100644
--- a/Lib/test/test_marshal.py
+++ b/Lib/test/test_marshal.py
@@ -262,6 +262,11 @@ class BugsTestCase(unittest.TestCase):
         testString = 'abc' * size
         marshal.dumps(testString)
 
+    def test_invalid_longs(self):
+        # Issue #7019: marshal.loads shouldn't produce unnormalized PyLongs
+        invalid_string = 'l\x02\x00\x00\x00\x00\x00\x00\x00'
+        self.assertRaises(ValueError, marshal.loads, invalid_string)
+
 
 def test_main():
     test_support.run_unittest(IntTestCase,
diff --git a/Misc/NEWS b/Misc/NEWS
index 90b59a78a7..ab14d9daeb 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -12,6 +12,9 @@ What's New in Python 2.6.4a1?
 Core and Builtins
 -----------------
 
+- Issue #7019: Raise ValueError when unmarshalling bad long data, instead
+  of producing internally inconsistent Python longs.
+
 Library
 -------
 
diff --git a/Python/marshal.c b/Python/marshal.c
index 52d22573d3..a4c831f261 100644
--- a/Python/marshal.c
+++ b/Python/marshal.c
@@ -589,7 +589,8 @@ r_object(RFILE *p)
 			ob->ob_size = n;
 			for (i = 0; i < size; i++) {
 				int digit = r_short(p);
-				if (digit < 0) {
+				if (digit < 0 ||
+				    (digit == 0 && i == size-1)) {
 					Py_DECREF(ob);
 					PyErr_SetString(PyExc_ValueError,
 							"bad marshal data");