diff options
| author | Antoine Pitrou <solipsis@pitrou.net> | 2013-04-15 21:51:09 +0200 |
|---|---|---|
| committer | Antoine Pitrou <solipsis@pitrou.net> | 2013-04-15 21:51:09 +0200 |
| commit | 3034efdd298ad5f94a61f9f0e8ab0fee1d2d212e (patch) | |
| tree | 42236d2d7518cd4f214de096919718811e7ad3fa | |
| parent | ed3cd7e445e7be413d1b454471454f7ff9f21f1f (diff) | |
| download | cpython-git-3034efdd298ad5f94a61f9f0e8ab0fee1d2d212e.tar.gz | |
Issue #17710: Fix pickle raising a SystemError on bogus input.
| -rw-r--r-- | Lib/pickle.py | 2 | ||||
| -rw-r--r-- | Lib/test/pickletester.py | 8 | ||||
| -rw-r--r-- | Misc/NEWS | 2 | ||||
| -rw-r--r-- | Modules/_pickle.c | 8 |
4 files changed, 15 insertions, 5 deletions
diff --git a/Lib/pickle.py b/Lib/pickle.py index e81a3790c3..161c2e9e74 100644 --- a/Lib/pickle.py +++ b/Lib/pickle.py @@ -951,7 +951,7 @@ class _Unpickler: rep = orig[:-1] for q in (b'"', b"'"): # double or single quote if rep.startswith(q): - if not rep.endswith(q): + if len(rep) < 2 or not rep.endswith(q): raise ValueError("insecure string pickle") rep = rep[len(q):-len(q)] break diff --git a/Lib/test/pickletester.py b/Lib/test/pickletester.py index 5d12375267..a72ab377c0 100644 --- a/Lib/test/pickletester.py +++ b/Lib/test/pickletester.py @@ -609,6 +609,14 @@ class AbstractPickleTests(unittest.TestCase): b"'abc\"", # open quote and close quote don't match b"'abc' ?", # junk after close quote b"'\\'", # trailing backslash + # Variations on issue #17710 + b"'", + b'"', + b"' ", + b"' ", + b"' ", + b"' ", + b'" ', # some tests of the quoting rules ## b"'abc\"\''", ## b"'\\\\a\'\'\'\\\'\\\\\''", @@ -29,6 +29,8 @@ Core and Builtins Library ------- +- Issue #17710: Fix pickle raising a SystemError on bogus input. + - Issue #17341: Include the invalid name in the error messages from re about invalid group names. diff --git a/Modules/_pickle.c b/Modules/_pickle.c index d0cebd0b17..5564803b88 100644 --- a/Modules/_pickle.c +++ b/Modules/_pickle.c @@ -4171,7 +4171,7 @@ load_string(UnpicklerObject *self) if ((len = _Unpickler_Readline(self, &s)) < 0) return -1; - if (len < 3) + if (len < 2) return bad_readline(); if ((s = strdup(s)) == NULL) { PyErr_NoMemory(); @@ -4179,14 +4179,14 @@ load_string(UnpicklerObject *self) } /* Strip outermost quotes */ - while (s[len - 1] <= ' ') + while (len > 0 && s[len - 1] <= ' ') len--; - if (s[0] == '"' && s[len - 1] == '"') { + if (len > 1 && s[0] == '"' && s[len - 1] == '"') { s[len - 1] = '\0'; p = s + 1; len -= 2; } - else if (s[0] == '\'' && s[len - 1] == '\'') { + else if (len > 1 && s[0] == '\'' && s[len - 1] == '\'') { s[len - 1] = '\0'; p = s + 1; len -= 2; |