[Python-checkins] cpython (merge 3.3 -> default): Issue #18339: Negative ints keys in unpickler.memo dict no longer cause a

christian.heimes python-checkins at python.org
Mon Jul 1 15:19:01 CEST 2013 

http://hg.python.org/cpython/rev/f3372692ca20
changeset:   84408:f3372692ca20
parent:      84406:636947fe131e
parent:      84407:17b7af660f82
user:        Christian Heimes <christian at cheimes.de>
date:        Mon Jul 01 15:18:49 2013 +0200
summary:
  Issue #18339: Negative ints keys in unpickler.memo dict no longer cause a
segfault inside the _pickle C extension.

files:
  Lib/test/test_pickle.py |  7 +++++++
  Misc/NEWS               |  3 +++
  Modules/_pickle.c       |  5 +++++
  3 files changed, 15 insertions(+), 0 deletions(-)


diff --git a/Lib/test/test_pickle.py b/Lib/test/test_pickle.py
--- a/Lib/test/test_pickle.py
+++ b/Lib/test/test_pickle.py
@@ -115,6 +115,13 @@
         pickler_class = _pickle.Pickler
         unpickler_class = _pickle.Unpickler
 
+        def test_issue18339(self):
+            unpickler = self.unpickler_class(io.BytesIO())
+            self.assertRaises(TypeError, setattr, unpickler, "memo", object)
+            # used to cause a segfault
+            self.assertRaises(ValueError, setattr, unpickler, "memo", {-1: None})
+            unpickler.memo = {1: None}
+
     class CDispatchTableTests(AbstractDispatchTableTests):
         pickler_class = pickle.Pickler
         def get_dispatch_table(self):
diff --git a/Misc/NEWS b/Misc/NEWS
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -135,6 +135,9 @@
 Library
 -------
 
+- Issue #18339: Negative ints keys in unpickler.memo dict no longer cause a
+  segfault inside the _pickle C extension.
+
 - Issue 18240: The HMAC module is no longer restricted to bytes and accepts
   any bytes-like object, e.g. memoryview. Original patch by Jonas Borgström.
 
diff --git a/Modules/_pickle.c b/Modules/_pickle.c
--- a/Modules/_pickle.c
+++ b/Modules/_pickle.c
@@ -5952,6 +5952,11 @@
             idx = PyLong_AsSsize_t(key);
             if (idx == -1 && PyErr_Occurred())
                 goto error;
+            if (idx < 0) {
+                PyErr_SetString(PyExc_ValueError,
+                                "memos key must be positive integers.");
+                goto error;
+            }
             if (_Unpickler_MemoPut(self, idx, value) < 0)
                 goto error;
         }

-- 
Repository URL: http://hg.python.org/cpython

More information about the Python-checkins mailing list