]> git.ipfire.org Git - thirdparty/Python/cpython.git/commitdiff
projects / thirdparty / Python / cpython.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 30494cc)
[3.14] gh-135321: Always raise a correct exception for BINSTRING argument > 0x7ffffff...
authorMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Wed, 11 Jun 2025 11:01:15 +0000 (13:01 +0200)
committerGitHub <noreply@github.com>
Wed, 11 Jun 2025 11:01:15 +0000 (14:01 +0300)
(cherry picked from commit 2b8b4774d29a707330d463f226630185cbd3ceff)

Co-authored-by: Justin Applegate <70449145+Legoclones@users.noreply.github.com>
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Lib/test/pickletester.py patch | blob | blame | history
Misc/NEWS.d/next/Library/2025-06-10-00-42-30.gh-issue-135321.UHh9jT.rst [new file with mode: 0644] patch | blob
Modules/_pickle.c patch | blob | blame | history

diff --git a/Lib/test/pickletester.py b/Lib/test/pickletester.py
index 9d6ae3e4d00ece31bd88f70b96e9b66669515ebe..9a3a26a8400844eaf1fc8854855be84fa1b0fc63 100644 (file)
--- a/Lib/test/pickletester.py
+++ b/Lib/test/pickletester.py
@@ -1100,6 +1100,11 @@ class AbstractUnpickleTests:
         self.check_unpickling_error((pickle.UnpicklingError, OverflowError),
                                     dumped)
 
+    def test_large_binstring(self):
+        errmsg = 'BINSTRING pickle has negative byte count'
+        with self.assertRaisesRegex(pickle.UnpicklingError, errmsg):
+            self.loads(b'T\0\0\0\x80')
+
     def test_get(self):
         pickled = b'((lp100000\ng100000\nt.'
         unpickled = self.loads(pickled)
diff --git a/Misc/NEWS.d/next/Library/2025-06-10-00-42-30.gh-issue-135321.UHh9jT.rst b/Misc/NEWS.d/next/Library/2025-06-10-00-42-30.gh-issue-135321.UHh9jT.rst
new file mode 100644 (file)
index 0000000..9e63d8e
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2025-06-10-00-42-30.gh-issue-135321.UHh9jT.rst
@@ -0,0 +1 @@
+Raise a correct exception for values greater than 0x7fffffff for the ``BINSTRING`` opcode in the C implementation of :mod:`pickle`.
diff --git a/Modules/_pickle.c b/Modules/_pickle.c
index d260f1a68f8c7041823a7bd518095fe815b9974b..2e74d5688629ff7c53d1190edf930ae535a00c2f 100644 (file)
--- a/Modules/_pickle.c
+++ b/Modules/_pickle.c
@@ -5539,17 +5539,16 @@ static int
 load_counted_binstring(PickleState *st, UnpicklerObject *self, int nbytes)
 {
     PyObject *obj;
-    Py_ssize_t size;
+    long size;
     char *s;
 
     if (_Unpickler_Read(self, st, &s, nbytes) < 0)
         return -1;
 
-    size = calc_binsize(s, nbytes);
+    size = calc_binint(s, nbytes);
     if (size < 0) {
-        PyErr_Format(st->UnpicklingError,
-                     "BINSTRING exceeds system's maximum size of %zd bytes",
-                     PY_SSIZE_T_MAX);
+        PyErr_SetString(st->UnpicklingError,
+                     "BINSTRING pickle has negative byte count");
         return -1;
     }
 
Mirror of https://github.com/python/cpython.git