From c3a12775e26f8c8f4148cb247dc88bc38f05dc58 Mon Sep 17 00:00:00 2001
From: Mark Dickinson <dickinsm@gmail.com>
Date: Sat, 3 Oct 2009 08:15:49 +0000
Subject: [PATCH] Issue #7019: An attempt to unmarshal bad long data could
 produce unnormalized PyLong objects; make it raise ValueError instead.

---
 Lib/test/test_marshal.py | 5 +++++
 Misc/NEWS                | 3 +++
 Python/marshal.c         | 3 ++-
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/Lib/test/test_marshal.py b/Lib/test/test_marshal.py
index 943aa55b39a..0dd59d1f949 100644
--- a/Lib/test/test_marshal.py
+++ b/Lib/test/test_marshal.py
@@ -262,6 +262,11 @@ class BugsTestCase(unittest.TestCase):
         testString = 'abc' * size
         marshal.dumps(testString)
 
+    def test_invalid_longs(self):
+        # Issue #7019: marshal.loads shouldn't produce unnormalized PyLongs
+        invalid_string = 'l\x02\x00\x00\x00\x00\x00\x00\x00'
+        self.assertRaises(ValueError, marshal.loads, invalid_string)
+
 
 def test_main():
     test_support.run_unittest(IntTestCase,
diff --git a/Misc/NEWS b/Misc/NEWS
index 90b59a78a74..ab14d9daebb 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -12,6 +12,9 @@ What's New in Python 2.6.4a1?
 Core and Builtins
 -----------------
 
+- Issue #7019: Raise ValueError when unmarshalling bad long data, instead
+  of producing internally inconsistent Python longs.
+
 Library
 -------
 
diff --git a/Python/marshal.c b/Python/marshal.c
index 52d22573d3d..a4c831f2615 100644
--- a/Python/marshal.c
+++ b/Python/marshal.c
@@ -589,7 +589,8 @@ r_object(RFILE *p)
 			ob->ob_size = n;
 			for (i = 0; i < size; i++) {
 				int digit = r_short(p);
-				if (digit < 0) {
+				if (digit < 0 ||
+				    (digit == 0 && i == size-1)) {
 					Py_DECREF(ob);
 					PyErr_SetString(PyExc_ValueError,
 							"bad marshal data");