]> git.ipfire.org Git - thirdparty/Python/cpython.git/commitdiff
projects / thirdparty / Python / cpython.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f4049ee)
Issue #27056: Fix _Unpickler_Read() to avoid integer overflow
authorVictor Stinner <victor.stinner@gmail.com>
Fri, 20 May 2016 19:16:59 +0000 (21:16 +0200)
committerVictor Stinner <victor.stinner@gmail.com>
Fri, 20 May 2016 19:16:59 +0000 (21:16 +0200)
Modules/_pickle.c patch | blob | blame | history

diff --git a/Modules/_pickle.c b/Modules/_pickle.c
index e3aa7c50ef497146feafe11965a0681bd754ace0..1c9b9eb11270b3e5a7a271a59f0ff460421dc164 100644 (file)
--- a/Modules/_pickle.c
+++ b/Modules/_pickle.c
@@ -1244,7 +1244,7 @@ _Unpickler_ReadImpl(UnpicklerObject *self, char **s, Py_ssize_t n)
    Returns -1 (with an exception set) on failure. On success, return the
    number of chars read. */
 #define _Unpickler_Read(self, s, n) \
-    (((self)->next_read_idx + (n) <= (self)->input_len)      \
+    (((n) <= (self)->input_len - (self)->next_read_idx)      \
      ? (*(s) = (self)->input_buffer + (self)->next_read_idx, \
         (self)->next_read_idx += (n),                        \
         (n))                                                 \
Mirror of https://github.com/python/cpython.git