mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-08-28 20:56:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

Issue #17710: Fix pickle raising a SystemError on bogus input.

Browse source
This commit is contained in:
Antoine Pitrou 2013-04-15 21:55:14 +02:00
commit af94051a93
4 changed files with 15 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Lib/pickle.py
View file

@ -903,7 +903,7 @@ class _Unpickler:
orig = self.readline() orig = self.readline()
rep = orig[:-1] rep = orig[:-1]
# Strip outermost quotes # Strip outermost quotes
if rep[0] == rep[-1] and rep[0] in b'"\'': if len(rep) >= 2 and rep[0] == rep[-1] and rep[0] in b'"\'':
rep = rep[1:-1] rep = rep[1:-1]
else: else:
raise ValueError("insecure string pickle") raise ValueError("insecure string pickle")

8
Lib/test/pickletester.py
View file

@ -609,6 +609,14 @@ class AbstractPickleTests(unittest.TestCase):
b"'abc\"", # open quote and close quote don't match b"'abc\"", # open quote and close quote don't match
b"'abc' ?", # junk after close quote b"'abc' ?", # junk after close quote
b"'\\'", # trailing backslash b"'\\'", # trailing backslash
# Variations on issue #17710
b"'",
b'"',
b"' ",
b"' ",
b"' ",
b"' ",
b'" ',
# some tests of the quoting rules # some tests of the quoting rules
## b"'abc\"\''", ## b"'abc\"\''",
## b"'\\\\a\'\'\'\\\'\\\\\''", ## b"'\\\\a\'\'\'\\\'\\\\\''",

2
Misc/NEWS
View file

@ -42,6 +42,8 @@ Core and Builtins
Library Library
------- -------
- Issue #17710: Fix pickle raising a SystemError on bogus input.
- Issue #17341: Include the invalid name in the error messages from re about - Issue #17341: Include the invalid name in the error messages from re about
invalid group names. invalid group names.

8
Modules/_pickle.c
View file

@ -4205,7 +4205,7 @@ load_string(UnpicklerObject *self)
if ((len = _Unpickler_Readline(self, &s)) < 0) if ((len = _Unpickler_Readline(self, &s)) < 0)
return -1; return -1;
if (len < 3) if (len < 2)
return bad_readline(); return bad_readline();
if ((s = strdup(s)) == NULL) { if ((s = strdup(s)) == NULL) {
PyErr_NoMemory(); PyErr_NoMemory();
@ -4213,14 +4213,14 @@ load_string(UnpicklerObject *self)
} }
/* Strip outermost quotes */ /* Strip outermost quotes */
while (s[len - 1] <= ' ') while (len > 0 && s[len - 1] <= ' ')
len--; len--;
if (s[0] == '"' && s[len - 1] == '"') { if (len > 1 && s[0] == '"' && s[len - 1] == '"') {
s[len - 1] = '\0'; s[len - 1] = '\0';
p = s + 1; p = s + 1;
len -= 2; len -= 2;
} }
else if (s[0] == '\'' && s[len - 1] == '\'') { else if (len > 1 && s[0] == '\'' && s[len - 1] == '\'') {
s[len - 1] = '\0'; s[len - 1] = '\0';
p = s + 1; p = s + 1;
len -= 2; len -= 2;