Pickler.dump from a badly initialized Pickler segfaults #47914
Comments
This script segfaults: import _pickle obj.dump(0)
[Switching to Thread -1210775360 (LWP 19096)]
Found using Fusil.
pickler_write() has no check for self->write_buf == NULL Suggested patch: --- Modules/_pickle.c (Revision 66010)
+++ Modules/_pickle.c (Arbeitskopie)
@@ -421,6 +421,10 @@
{
PyObject *data, *result;
+ if (self->write_buf == NULL) {
+ PyErr_SetString(PyExc_SystemError, "Invalid write buffer");
+ return -1;
+ }
if (s == NULL) {
if (!(self->buf_size))
return 0; |
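Review bot: the new self->write_buf == NULL check at the top of pickler_write() reports the condition as SystemError with the message "Invalid write buffer", which gives the caller no hint that the real cause is a Pickler that was not initialized correctly. Since the script in the report reaches this code through obj.dump(0), consider rejecting the uninitialized object at the dump entry point with a pickling error and keeping this check only as a backstop. The patch also carries no test that reproduces the crash.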
Oh, that's nasty. Recalling __init__ with bad arguments breaks the Adding a NULL check in pickler_write will only fix this particular
Unpickler looks safe as Unpickler_load() checks if Unpickler was
I will try to find time next weekend to fix this (and other pickle
Here's the fix. The added check in Pickler_dump should prevent any I also added the check proposed by Christian as a safe-guard in case a
Rather than attach a full _pickle.c file, please generate a unified diff
Oops. I must have been quite tired when I submitted that. Here's the patch for the fix and the test case.
The patch is fine.
Amaury, please apply the patch and close the issue. Thanks!
Committed r66963.
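A regression check for the class of bug discussed in this thread, as an added example that is not code from the thread or from the project. It runs a reproducer in a child interpreter so that a segfault is reported as a signal instead of killing the test run. The `BadPickler` subclass and the `probe` helper are hypothetical names, and skipping `Pickler.__init__` is an assumed way to reach the badly initialized state, since the script in the report is truncated.

```python
import subprocess
import sys
import textwrap

# Constructed reproducer (assumption, not the page's script): a subclass that
# never calls Pickler.__init__, so the C object's output state is never set up.
REPRO = textwrap.dedent("""
    import pickle

    class BadPickler(pickle.Pickler):
        def __init__(self):
            pass  # base-class __init__ deliberately skipped

    try:
        BadPickler().dump(0)
    except Exception as exc:
        print(type(exc).__name__)
    else:
        print("no error")
""")


def probe(code=REPRO, timeout=30):
    """Run `code` in a child interpreter and classify how it ended.

    Returns ("signal", signo) if the child was killed by a signal (a segfault
    shows up as SIGSEGV on POSIX), ("error", returncode) for any other
    non-zero exit, or ("clean", stdout) when the child exited normally.
    """
    proc = subprocess.run(
        [sys.executable, "-c", code],
        capture_output=True, text=True, timeout=timeout,
    )
    if proc.returncode < 0:
        return ("signal", -proc.returncode)
    if proc.returncode != 0:
        return ("error", proc.returncode)
    return ("clean", proc.stdout.strip())


if __name__ == "__main__":
    # On an interpreter carrying the fix this prints ('clean', 'PicklingError').
    print(probe())
```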