#3664: The pickle module could segfault if a Pickler instance is not correctly initialized:
when a subclass forgets to call the base __init__ method,
or when __init__ is called a second time with invalid parameters
Patch by Alexandre Vassalotti.
diff --git a/Modules/_pickle.c b/Modules/_pickle.c
index 91ebe2e..2b672a7 100644
--- a/Modules/_pickle.c
+++ b/Modules/_pickle.c
@@ -421,6 +421,11 @@
{
PyObject *data, *result;
+ if (self->write_buf == NULL) {
+ PyErr_SetString(PyExc_SystemError, "invalid write buffer");
+ return -1;
+ }
+
if (s == NULL) {
if (!(self->buf_size))
return 0;
@@ -2378,6 +2383,16 @@
{
PyObject *obj;
+ /* Check whether the Pickler was initialized correctly (issue3664).
+ Developers often forget to call __init__() in their subclasses, which
+ would trigger a segfault without this check. */
+ if (self->write == NULL) {
+ PyErr_Format(PicklingError,
+ "Pickler.__init__() was not called by %s.__init__()",
+ Py_TYPE(self)->tp_name);
+ return NULL;
+ }
+
if (!PyArg_ParseTuple(args, "O:dump", &obj))
return NULL;