cpython: 935debb548a3 (original) (raw)

Mercurial > cpython

changeset 99340:935debb548a3

Issue #25725: Fixed a reference leak in pickle.loads() when unpickling invalid data including tuple instructions. [#25725]

line wrap: on

line diff

--- a/Misc/NEWS +++ b/Misc/NEWS @@ -95,6 +95,9 @@ Core and Builtins Library ------- +- Issue #25725: Fixed a reference leak in pickle.loads() when unpickling

• invalid data including tuple instructions. +

• Issue #25663: In the Readline completer, avoid listing duplicate global names, and search the global namespace before searching builtins.

--- a/Modules/_pickle.c +++ b/Modules/_pickle.c @@ -5047,15 +5047,14 @@ load_counted_binunicode(UnpicklerObject } static int -load_tuple(UnpicklerObject *self) +load_counted_tuple(UnpicklerObject *self, int len) { PyObject *tuple;

• Py_ssize_t i;

-

• if ((i = marker(self)) < 0)

•    return -1;[](#l2.14)

-

• tuple = Pdata_poptuple(self->stack, i);

+

• if (Py_SIZE(self->stack) < len)

•    return stack_underflow();[](#l2.19)

+

• tuple = Pdata_poptuple(self->stack, Py_SIZE(self->stack) - len); if (tuple == NULL) return -1; PDATA_PUSH(self->stack, tuple, -1); @@ -5063,24 +5062,14 @@ load_tuple(UnpicklerObject *self) }

static int -load_counted_tuple(UnpicklerObject *self, int len) -{

• PyObject *tuple;

-

• tuple = PyTuple_New(len);
• if (tuple == NULL)

•    return -1;[](#l2.35)

-

• while (--len >= 0) {

•    PyObject *item;[](#l2.38)

-

•    PDATA_POP(self->stack, item);[](#l2.40)

•    if (item == NULL)[](#l2.41)

•        return -1;[](#l2.42)

•    PyTuple_SET_ITEM(tuple, len, item);[](#l2.43)

• }
• PDATA_PUSH(self->stack, tuple, -1);
• return 0;

+load_tuple(UnpicklerObject *self) +{

• Py_ssize_t i;

+

• if ((i = marker(self)) < 0)

•    return -1;[](#l2.52)

+

• return load_counted_tuple(self, Py_SIZE(self->stack) - i);

} static int