When unmarshalling, add test for negative lengths on strings, tuples
and lists; if the size is negative, raise an exception. Also raise an
exception when an undefined type is found -- all this to increase the
chance that garbage input causes an exception instead of a core dump.
diff --git a/Python/marshal.c b/Python/marshal.c
index 3664734..3d5f2e5 100644
--- a/Python/marshal.c
+++ b/Python/marshal.c
@@ -463,6 +463,10 @@
case TYPE_STRING:
n = r_long(p);
+ if (n < 0) {
+ PyErr_SetString(PyExc_ValueError, "bad marshal data");
+ return NULL;
+ }
v = PyString_FromStringAndSize((char *)NULL, n);
if (v != NULL) {
if (r_string(PyString_AsString(v), (int)n, p) != n) {
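Review bot: The new `n < 0` guard in the TYPE_STRING case leaves the upper end unchecked, so a corrupt length just under 2^31 still reaches `PyString_FromStringAndSize` before any payload byte has been read. At best the allocation fails cleanly; otherwise a large buffer is reserved only for the short read to discard it. Where the reader can tell how many bytes are left (string-backed input, presumably), I would reject oversized lengths the same way, e.g. `if (n > remaining) { PyErr_SetString(PyExc_ValueError, "bad marshal data"); return NULL; }`, with `remaining` standing in for whatever the reader state exposes. The same gap exists in the TYPE_TUPLE and TYPE_LIST hunks, where every element costs a pointer, and the three identical guards could share one small static helper. The case body continues past the end of this hunk.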
@@ -476,6 +480,10 @@
case TYPE_TUPLE:
n = r_long(p);
+ if (n < 0) {
+ PyErr_SetString(PyExc_ValueError, "bad marshal data");
+ return NULL;
+ }
v = PyTuple_New((int)n);
if (v == NULL)
return v;
@@ -492,6 +500,10 @@
case TYPE_LIST:
n = r_long(p);
+ if (n < 0) {
+ PyErr_SetString(PyExc_ValueError, "bad marshal data");
+ return NULL;
+ }
v = PyList_New((int)n);
if (v == NULL)
return v;
@@ -571,8 +583,8 @@
default:
/* Bogus data got written, which isn't ideal.
This will let you keep working and recover. */
- Py_INCREF(Py_None);
- return Py_None;
+ PyErr_SetString(PyExc_ValueError, "bad marshal data");
+ return NULL;
}
}
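Review bot: The comment kept above the default case now contradicts the code: it says bogus data is tolerated so the caller can keep working, while the new lines set ValueError and return NULL. Replace it with something like `/* Unknown type code: input is corrupt or not marshal data; raise ValueError rather than returning None. */`. Any caller that relied on getting None back for an unrecognised type code will now see an exception, so that behaviour change deserves a line in the commit message or release notes. The switch statement starts outside this hunk.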