From 407c1daefddafbfd0f4711a4c8dbd0c335ca412e Mon Sep 17 00:00:00 2001 From: Justin Applegate Date: Mon, 9 Jun 2025 20:36:21 -0400 Subject: [PATCH 1/6] Changing data type of `size` variable for C implementation of pickle opcode `BINSTRING` to `int` from `Py_ssize_t` --- Modules/_pickle.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/Modules/_pickle.c b/Modules/_pickle.c index 86d8b38620cb7f..f9a422900c92c1 100644 --- a/Modules/_pickle.c +++ b/Modules/_pickle.c @@ -5543,7 +5543,7 @@ static int load_counted_binstring(PickleState *st, UnpicklerObject *self, int nbytes) { PyObject *obj; - Py_ssize_t size; + int size; char *s; if (_Unpickler_Read(self, st, &s, nbytes) < 0) @@ -5551,9 +5551,8 @@ load_counted_binstring(PickleState *st, UnpicklerObject *self, int nbytes) size = calc_binsize(s, nbytes); if (size < 0) { - PyErr_Format(st->UnpicklingError, - "BINSTRING exceeds system's maximum size of %zd bytes", - PY_SSIZE_T_MAX); + PyErr_SetString(st->UnpicklingError, + "BINSTRING pickle has negative byte count"); return -1; } From 1567cacf8b4808805868d4929b359ca87a7c03f7 Mon Sep 17 00:00:00 2001 From: "blurb-it[bot]" <43283697+blurb-it[bot]@users.noreply.github.com> Date: Tue, 10 Jun 2025 00:42:32 +0000 Subject: [PATCH 2/6] =?UTF-8?q?=F0=9F=93=9C=F0=9F=A4=96=20Added=20by=20blu?= =?UTF-8?q?rb=5Fit.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../next/Library/2025-06-10-00-42-30.gh-issue-135321.UHh9jT.rst | 1 + 1 file changed, 1 insertion(+) create mode 100644 Misc/NEWS.d/next/Library/2025-06-10-00-42-30.gh-issue-135321.UHh9jT.rst diff --git a/Misc/NEWS.d/next/Library/2025-06-10-00-42-30.gh-issue-135321.UHh9jT.rst b/Misc/NEWS.d/next/Library/2025-06-10-00-42-30.gh-issue-135321.UHh9jT.rst new file mode 100644 index 00000000000000..e8971477f822cd --- /dev/null +++ b/Misc/NEWS.d/next/Library/2025-06-10-00-42-30.gh-issue-135321.UHh9jT.rst @@ -0,0 +1 @@ +The ``BINSTRING`` opcode of the C accelerator implementation of :mod:`pickle` was modified to have a signed 32-bit data type instead of 64-bit, keeping in line with the Python implementation of :mod:`pickle` and :mod:`pickletools`. From 8e4382e308f1b31484185f6826dd438caed10860 Mon Sep 17 00:00:00 2001 From: Justin Applegate Date: Tue, 10 Jun 2025 16:12:50 -0400 Subject: [PATCH 3/6] Added test and fixed NEWS message --- Lib/test/pickletester.py | 5 +++++ .../Library/2025-06-10-00-42-30.gh-issue-135321.UHh9jT.rst | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/Lib/test/pickletester.py b/Lib/test/pickletester.py index 9d6ae3e4d00ece..2a85e31078c469 100644 --- a/Lib/test/pickletester.py +++ b/Lib/test/pickletester.py @@ -1100,6 +1100,11 @@ def test_large_32b_binunicode8(self): self.check_unpickling_error((pickle.UnpicklingError, OverflowError), dumped) + def test_large_binstring(self): + errmsg = 'UnpicklingError: BINSTRING pickle has negative byte count' + with self.assertRaisesRegex(pickle.UnpicklingError, errmsg): + self.loads(b'T\0\0\0\x80') + def test_get(self): pickled = b'((lp100000\ng100000\nt.' unpickled = self.loads(pickled) diff --git a/Misc/NEWS.d/next/Library/2025-06-10-00-42-30.gh-issue-135321.UHh9jT.rst b/Misc/NEWS.d/next/Library/2025-06-10-00-42-30.gh-issue-135321.UHh9jT.rst index e8971477f822cd..9e63d8e28b7696 100644 --- a/Misc/NEWS.d/next/Library/2025-06-10-00-42-30.gh-issue-135321.UHh9jT.rst +++ b/Misc/NEWS.d/next/Library/2025-06-10-00-42-30.gh-issue-135321.UHh9jT.rst @@ -1 +1 @@ -The ``BINSTRING`` opcode of the C accelerator implementation of :mod:`pickle` was modified to have a signed 32-bit data type instead of 64-bit, keeping in line with the Python implementation of :mod:`pickle` and :mod:`pickletools`. +Raise a correct exception for values greater than 0x7fffffff for the ``BINSTRING`` opcode in the C implementation of :mod:`pickle`. From 6b64d61699a4bbca005575e9b24f0f0a1c7e4003 Mon Sep 17 00:00:00 2001 From: Justin Applegate <70449145+Legoclones@users.noreply.github.com> Date: Tue, 10 Jun 2025 16:13:36 -0400 Subject: [PATCH 4/6] Update Modules/_pickle.c Fix size Co-authored-by: Serhiy Storchaka --- Modules/_pickle.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/_pickle.c b/Modules/_pickle.c index f9a422900c92c1..e885c4b07962db 100644 --- a/Modules/_pickle.c +++ b/Modules/_pickle.c @@ -5543,7 +5543,7 @@ static int load_counted_binstring(PickleState *st, UnpicklerObject *self, int nbytes) { PyObject *obj; - int size; + long size; char *s; if (_Unpickler_Read(self, st, &s, nbytes) < 0) From 98838dae9678bd94ee7638f4adcae139b0fa96c5 Mon Sep 17 00:00:00 2001 From: Justin Applegate <70449145+Legoclones@users.noreply.github.com> Date: Tue, 10 Jun 2025 16:13:51 -0400 Subject: [PATCH 5/6] Update Modules/_pickle.c Co-authored-by: Serhiy Storchaka --- Modules/_pickle.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/_pickle.c b/Modules/_pickle.c index e885c4b07962db..cf3ceb43fb3f3f 100644 --- a/Modules/_pickle.c +++ b/Modules/_pickle.c @@ -5549,7 +5549,7 @@ load_counted_binstring(PickleState *st, UnpicklerObject *self, int nbytes) if (_Unpickler_Read(self, st, &s, nbytes) < 0) return -1; - size = calc_binsize(s, nbytes); + size = calc_binint(s, nbytes); if (size < 0) { PyErr_SetString(st->UnpicklingError, "BINSTRING pickle has negative byte count"); From 606f9b6175ef874f809484ba9aca507539939694 Mon Sep 17 00:00:00 2001 From: Serhiy Storchaka Date: Wed, 11 Jun 2025 12:48:53 +0300 Subject: [PATCH 6/6] Update Lib/test/pickletester.py --- Lib/test/pickletester.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Lib/test/pickletester.py b/Lib/test/pickletester.py index 2a85e31078c469..9a3a26a8400844 100644 --- a/Lib/test/pickletester.py +++ b/Lib/test/pickletester.py @@ -1101,7 +1101,7 @@ def test_large_32b_binunicode8(self): dumped) def test_large_binstring(self): - errmsg = 'UnpicklingError: BINSTRING pickle has negative byte count' + errmsg = 'BINSTRING pickle has negative byte count' with self.assertRaisesRegex(pickle.UnpicklingError, errmsg): self.loads(b'T\0\0\0\x80')