From be92971b38c68fe472d908bdc8aa185963473308 Mon Sep 17 00:00:00 2001 From: Antoine Pitrou Date: Mon, 15 Apr 2013 21:35:25 +0200 Subject: [PATCH] Issue #17710: Fix cPickle raising a SystemError on bogus input. --- Lib/pickle.py | 2 +- Lib/test/pickletester.py | 2 ++ Misc/NEWS | 2 ++ Modules/cPickle.c | 10 ++++++---- 4 files changed, 11 insertions(+), 5 deletions(-) diff --git a/Lib/pickle.py b/Lib/pickle.py index 5b95cbaca760..508e858d8169 100644 --- a/Lib/pickle.py +++ b/Lib/pickle.py @@ -962,7 +962,7 @@ class Unpickler: rep = self.readline()[:-1] for q in "\"'": # double or single quote if rep.startswith(q): - if not rep.endswith(q): + if len(rep) < 2 or not rep.endswith(q): raise ValueError, "insecure string pickle" rep = rep[len(q):-len(q)] break diff --git a/Lib/test/pickletester.py b/Lib/test/pickletester.py index 7f43dfb90bad..34cafcb7b860 100644 --- a/Lib/test/pickletester.py +++ b/Lib/test/pickletester.py @@ -538,6 +538,8 @@ class AbstractPickleTests(unittest.TestCase): "'abc\"", # open quote and close quote don't match "'abc' ?", # junk after close quote "'\\'", # trailing backslash + "'", # issue #17710 + "' ", # issue #17710 # some tests of the quoting rules #"'abc\"\''", #"'\\\\a\'\'\'\\\'\\\\\''", diff --git a/Misc/NEWS b/Misc/NEWS index 3ccdb10bfa52..fc817401dfeb 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -28,6 +28,8 @@ Core and Builtins Library ------- +- Issue #17710: Fix cPickle raising a SystemError on bogus input. + - Issue #17341: Include the invalid name in the error messages from re about invalid group names. diff --git a/Modules/cPickle.c b/Modules/cPickle.c index d74ec5b7bbab..8145bbf381a0 100644 --- a/Modules/cPickle.c +++ b/Modules/cPickle.c 
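Review bot: The new `len(rep) < 2` test in the Lib/pickle.py hunk needs a one-line comment, because it is not obvious why a length check sits next to `endswith`. A line holding only a quote character satisfies both `startswith(q)` and `endswith(q)` with that single character, so without the length test the slice `rep[len(q):-len(q)]` would quietly produce an empty string instead of rejecting the input. Suggested comment above the condition: `# a lone quote would count as both opening and closing quote; require two characters`. The comment could also say that "insecure string pickle" is a well-formedness check on the quoted literal only, not a guarantee that the pickle stream is safe to load. The enclosing method starts and ends outside the hunk.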
@@ -3643,17 +3643,19 @@ load_string(Unpicklerobject *self) /* Strip outermost quotes */ - while (s[len-1] <= ' ') + while (len > 0 && s[len-1] <= ' ') len--; - if(s[0]=='"' && s[len-1]=='"'){ + if (len > 1 && s[0]=='"' && s[len-1]=='"') { s[len-1] = '\0'; p = s + 1 ; len -= 2; - } else if(s[0]=='\'' && s[len-1]=='\''){ + } + else if (len > 1 && s[0]=='\'' && s[len-1]=='\'') { s[len-1] = '\0'; p = s + 1 ; len -= 2; - } else + } + else goto insecure; /********************************************/ -- 2.47.3
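Review bot: The trailing-whitespace loop `while (len > 0 && s[len-1] <= ' ')` is now bounded, but it still compares a possibly signed `char` with `' '`. If `s` is a plain `char *` (its declaration is outside the hunk), then on platforms where `char` is signed the bytes 0x80–0xFF are negative and get stripped as if they were whitespace. Trailing junk after the closing quote would then pass the quote check here, whereas the pure-Python `endswith` test rejects it. Casting makes the comparison match the intent: `while (len > 0 && (unsigned char)s[len-1] <= ' ')`. An entry with a trailing high byte in the insecure-string list in Lib/test/pickletester.py would pin the behaviour for both implementations.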