[Python-checkins] [2.7] bpo-36149 Fix potential use of uninitialized memory in cPickle (#12105)
T. Wouters
webhook-mailer at python.org
Mon Mar 4 13:52:13 EST 2019
https://github.com/python/cpython/commit/d9bf7f4198871132714cfe7d702baaa02206e9f1
commit: d9bf7f4198871132714cfe7d702baaa02206e9f1
branch: 2.7
author: T. Wouters <thomas at python.org>
committer: GitHub <noreply at github.com>
date: 2019-03-04T10:52:07-08:00
summary:
[2.7] bpo-36149 Fix potential use of uninitialized memory in cPickle (#12105)
Fix off-by-one bug in cPickle that caused it to use uninitialised memory on truncated pickles read from FILE*s.
files:
A Misc/NEWS.d/next/Core and Builtins/2019-02-28-13-52-18.bpo-36149.GJdnh4.rst
M Modules/cPickle.c
diff --git a/Misc/NEWS.d/next/Core and Builtins/2019-02-28-13-52-18.bpo-36149.GJdnh4.rst b/Misc/NEWS.d/next/Core and Builtins/2019-02-28-13-52-18.bpo-36149.GJdnh4.rst
new file mode 100644
index 000000000000..672db6c1fc07
--- /dev/null
+++ b/Misc/NEWS.d/next/Core and Builtins/2019-02-28-13-52-18.bpo-36149.GJdnh4.rst
@@ -0,0 +1,2 @@
+Fix use of uninitialized memory in cPickle when reading a truncated pickle
+from a file object.
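Review bot: The NEWS text says "a file object", which is broader than what the rest of this patch touches: the code change is confined to readline_file, which reads from `self->fp` with `getc`, and the commit message itself says "FILE*s". Consider wording the entry to say the problem affected pickles read from real (FILE*-backed) files, and that it was an off-by-one in line reading, so readers can tell whether their use is covered.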
diff --git a/Modules/cPickle.c b/Modules/cPickle.c
index 914ebb3eebee..f7c6feccafd0 100644
--- a/Modules/cPickle.c
+++ b/Modules/cPickle.c
@@ -586,12 +586,15 @@ readline_file(Unpicklerobject *self, char **s)
while (1) {
Py_ssize_t bigger;
char *newbuf;
- for (; i < (self->buf_size - 1); i++) {
- if (feof(self->fp) ||
- (self->buf[i] = getc(self->fp)) == '\n') {
- self->buf[i + 1] = '\0';
+ while (i < (self->buf_size - 1)) {
+ int newchar = getc(self->fp);
+ if (newchar != EOF) {
+ self->buf[i++] = newchar;
+ }
+ if (newchar == EOF || newchar == '\n') {
+ self->buf[i] = '\0';
*s = self->buf;
- return i + 1;
+ return i;
}
}
if (self->buf_size > (PY_SSIZE_T_MAX >> 1)) {
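Review bot: In the new `while` loop, `newchar == EOF` is treated as a clean end of input, but `getc` returns EOF on a read error as well. A failed read on `self->fp` therefore returns a short, NUL-terminated line exactly as a truncated file would. Consider checking `ferror(self->fp)` before `return i;` and reporting an error in that case. Separately, when EOF arrives on the very first read the function now returns 0 with `self->buf[0]` set to `'\0'`; it is worth confirming that every caller of readline_file treats a zero length as truncation rather than assuming at least one byte was read. The file list shows only the NEWS entry and Modules/cPickle.c, so a regression test that unpickles a truncated pickle from a real file would be a useful addition.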