https://github.com/python/cpython/commit/871adc8e9f521b3e2032c1a5c35d9300f092d341
commit: 871adc8e9f521b3e2032c1a5c35d9300f092d341
branch: 3.13
author: Miss Islington (bot) <31488909+miss-isling...@users.noreply.github.com>
committer: serhiy-storchaka <storch...@gmail.com>
date: 2025-06-11T14:00:59+03:00
summary:

[3.13] gh-135321: Always raise a correct exception for BINSTRING argument > 
0x7fffffff in pickle (GH-135322) (GH-135383)

(cherry picked from commit 2b8b4774d29a707330d463f226630185cbd3ceff)

Co-authored-by: Justin Applegate <70449145+legoclo...@users.noreply.github.com>
Co-authored-by: Serhiy Storchaka <storch...@gmail.com>

files:
A Misc/NEWS.d/next/Library/2025-06-10-00-42-30.gh-issue-135321.UHh9jT.rst
M Lib/test/pickletester.py
M Modules/_pickle.c

diff --git a/Lib/test/pickletester.py b/Lib/test/pickletester.py
index 0cd236ab249b1e..c0d4c8f43b9656 100644
--- a/Lib/test/pickletester.py
+++ b/Lib/test/pickletester.py
@@ -1080,6 +1080,11 @@ def test_large_32b_binunicode8(self):
         self.check_unpickling_error((pickle.UnpicklingError, OverflowError),
                                     dumped)
 
+    def test_large_binstring(self):
+        errmsg = 'BINSTRING pickle has negative byte count'
+        with self.assertRaisesRegex(pickle.UnpicklingError, errmsg):
+            self.loads(b'T\0\0\0\x80')
+
     def test_get(self):
         pickled = b'((lp100000\ng100000\nt.'
         unpickled = self.loads(pickled)
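Review bot: `test_large_binstring` exercises only one count, 0x80000000 (`b'T\0\0\0\x80'`), so it pins just the lowest value of the range that must be rejected. A second payload under the same `assertRaisesRegex`, for example `self.loads(b'T\xff\xff\xff\xff')`, would cover the other end of that range. Wrapping the two payloads in `self.subTest(...)` would keep a failure attributable to one of them. The body of the following `test_get` continues outside the hunk.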
diff --git 
a/Misc/NEWS.d/next/Library/2025-06-10-00-42-30.gh-issue-135321.UHh9jT.rst 
b/Misc/NEWS.d/next/Library/2025-06-10-00-42-30.gh-issue-135321.UHh9jT.rst
new file mode 100644
index 00000000000000..9e63d8e28b7696
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2025-06-10-00-42-30.gh-issue-135321.UHh9jT.rst
@@ -0,0 +1 @@
+Raise a correct exception for values greater than 0x7fffffff for the 
``BINSTRING`` opcode in the C implementation of :mod:`pickle`.
diff --git a/Modules/_pickle.c b/Modules/_pickle.c
index 1ef380d1cd7933..409b31872d5bdd 100644
--- a/Modules/_pickle.c
+++ b/Modules/_pickle.c
@@ -5453,17 +5453,16 @@ static int
 load_counted_binstring(PickleState *st, UnpicklerObject *self, int nbytes)
 {
     PyObject *obj;
-    Py_ssize_t size;
+    long size;
     char *s;
 
     if (_Unpickler_Read(self, st, &s, nbytes) < 0)
         return -1;
 
-    size = calc_binsize(s, nbytes);
+    size = calc_binint(s, nbytes);
     if (size < 0) {
-        PyErr_Format(st->UnpicklingError,
-                     "BINSTRING exceeds system's maximum size of %zd bytes",
-                     PY_SSIZE_T_MAX);
+        PyErr_SetString(st->UnpicklingError,
+                     "BINSTRING pickle has negative byte count");
         return -1;
     }
 
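Review bot: The call `size = calc_binint(s, nbytes);` has no comment explaining why a length is now decoded with the signed helper rather than `calc_binsize`, so a later cleanup could plausibly revert it. This check is the bound applied to a length field that comes straight from the pickle stream, so the intent deserves a line above the call, e.g. `/* BINSTRING's 4-byte count is signed in the pickle format; decode it as such so counts above 0x7fffffff are rejected as negative. */`. The rest of `load_counted_binstring`, including where `size` is used to read the payload, lies outside the hunk. I therefore cannot confirm from here how the `long` value is passed on.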
