Merged revisions 77352-77354 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk
........
r77352 | antoine.pitrou | 2010-01-07 18:46:49 +0100 (jeu., 07 janv. 2010) | 5 lines
Issue #7455: Fix possible crash in cPickle on invalid input. Patch by
Florent Xicluna.
........
r77353 | antoine.pitrou | 2010-01-07 18:49:37 +0100 (jeu., 07 janv. 2010) | 3 lines
Fix attribution. Florent actually repackaged and reviewed Victor's patch (sorry!).
........
r77354 | antoine.pitrou | 2010-01-07 18:54:10 +0100 (jeu., 07 janv. 2010) | 3 lines
Fix reattribution mistake when fixing attribution mistake!
........
diff --git a/Lib/test/pickletester.py b/Lib/test/pickletester.py
index 759c986..7ded8b6 100644
--- a/Lib/test/pickletester.py
+++ b/Lib/test/pickletester.py
@@ -1139,6 +1139,9 @@
# Test issue4298
s = bytes([0x58, 0, 0, 0, 0x54])
self.assertRaises(EOFError, pickle.loads, s)
+ # Test issue7455
+ s = b'0'
+ self.assertRaises(pickle.UnpicklingError, pickle.loads, s)
class AbstractPersistentPicklerTests(unittest.TestCase):
diff --git a/Misc/NEWS b/Misc/NEWS
index c78c960..23fec21 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -194,6 +194,9 @@
Library
-------
+- Issue #7455: Fix possible crash in cPickle on invalid input. Patch by
+ Victor Stinner.
+
- Issue #1628205: Socket file objects returned by socket.socket.makefile() now
properly handles EINTR within the read, readline, write & flush methods.
The socket.sendall() method now properly handles interrupted system calls.
diff --git a/Modules/_pickle.c b/Modules/_pickle.c
index 0e6df34..29aed7a 100644
--- a/Modules/_pickle.c
+++ b/Modules/_pickle.c
@@ -3729,7 +3729,7 @@
*/
if (self->num_marks > 0 && self->marks[self->num_marks - 1] == len) {
self->num_marks--;
- } else if (len >= 0) {
+ } else if (len > 0) {
len--;
Py_DECREF(self->stack->data[len]);
self->stack->length = len;