Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cpython3 / 2bbeb0eacde9a770a9cd9c9e94aae4b48835738f^! / .
commit2bbeb0eacde9a770a9cd9c9e94aae4b48835738f[log] [tgz]
authorMark Dickinson <dickinsm@gmail.com>Tue Sep 29 19:24:38 2009 +0000
committerMark Dickinson <dickinsm@gmail.com>Tue Sep 29 19:24:38 2009 +0000
treedc8306659eff5f3e5d0557375c544e3023679d25
parent595ad32f59820c67c68d1732530338a79b45b810 [diff]
Merged revisions 75145 via svnmerge from
svn+ssh://pythondev@www.python.org/python/branches/py3k

................
  r75145 | mark.dickinson | 2009-09-29 20:21:35 +0100 (Tue, 29 Sep 2009) | 10 lines

  Merged revisions 75141 via svnmerge from
  svn+ssh://pythondev@svn.python.org/python/trunk

  ........
    r75141 | mark.dickinson | 2009-09-29 20:01:06 +0100 (Tue, 29 Sep 2009) | 3 lines

    Issue #7019:  Unmarshalling of bad long data could produce unnormalized
    PyLongs.  Raise ValueError instead.
  ........
................

diff --git a/Lib/test/test_marshal.py b/Lib/test/test_marshal.py
index 6e3efe4..6688785 100644
--- a/Lib/test/test_marshal.py
+++ b/Lib/test/test_marshal.py

@@ -212,6 +212,11 @@
         testString = 'abc' * size
         marshal.dumps(testString)
 
+    def test_invalid_longs(self):
+        # Issue #7019: marshal.loads shouldn't produce unnormalized PyLongs
+        invalid_string = b'l\x02\x00\x00\x00\x00\x00\x00\x00'
+        self.assertRaises(ValueError, marshal.loads, invalid_string)
+
 
 def test_main():
     support.run_unittest(IntTestCase,

diff --git a/Misc/NEWS b/Misc/NEWS
index 4e17c51..cb65654 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS

@@ -12,6 +12,9 @@
 Core and Builtins
 -----------------
 
+- Issue #7019: Raise ValueError when unmarshalling bad long data, instead
+  of producing internally inconsistent Python longs.
+
 - Issue #6990: Fix threading.local subclasses leaving old state around
   after a reference cycle GC which could be recycled by new locals.
 

diff --git a/Python/marshal.c b/Python/marshal.c
index 54d19d5..256285b 100644
--- a/Python/marshal.c
+++ b/Python/marshal.c

@@ -553,7 +553,7 @@
 r_PyLong(RFILE *p)
 {
 	PyLongObject *ob;
-	int size, i, j, md;
+	int size, i, j, md, shorts_in_top_digit;
 	long n;
 	digit d;
 
@@ -566,7 +566,8 @@
 		return NULL;
 	}
 
-	size = 1 + (ABS(n)-1) / PyLong_MARSHAL_RATIO;
+	size = 1 + (ABS(n) - 1) / PyLong_MARSHAL_RATIO;
+	shorts_in_top_digit = 1 + (ABS(n) - 1) % PyLong_MARSHAL_RATIO;
 	ob = _PyLong_New(size);
 	if (ob == NULL)
 		return NULL;
@@ -583,12 +584,21 @@
 		ob->ob_digit[i] = d;
 	}
 	d = 0;
-	for (j=0; j < (ABS(n)-1)%PyLong_MARSHAL_RATIO + 1; j++) {
+	for (j=0; j < shorts_in_top_digit; j++) {
 		md = r_short(p);
 		if (md < 0 || md > PyLong_MARSHAL_BASE)
 			goto bad_digit;
+		/* topmost marshal digit should be nonzero */
+		if (md == 0 && j == shorts_in_top_digit - 1) {
+			Py_DECREF(ob);
+			PyErr_SetString(PyExc_ValueError,
+				"bad marshal data (unnormalized long data)");
+			return NULL;
+		}
 		d += (digit)md << j*PyLong_MARSHAL_SHIFT;
 	}
+	/* top digit should be nonzero, else the resulting PyLong won't be
+	   normalized */
 	ob->ob_digit[size-1] = d;
 	return (PyObject *)ob;
   bad_digit: