changeset: 101453:3d7b7aa89437 user: Victor Stinner date: Fri May 20 21:16:59 2016 +0200 files: Modules/_pickle.c description: Issue #27056: Fix _Unpickler_Read() to avoid integer overflow
diff -r 708d847ec412 -r 3d7b7aa89437 Modules/_pickle.c
--- a/Modules/_pickle.c Fri May 20 11:31:55 2016 -0400
+++ b/Modules/_pickle.c Fri May 20 21:16:59 2016 +0200
@@ -1244,7 +1244,7 @@
 Returns -1 (with an exception set) on failure. On success, return the
 number of chars read. */
 #define _Unpickler_Read(self, s, n) \
- (((self)->next_read_idx + (n) <= (self)->input_len) \
+ (((n) <= (self)->input_len - (self)->next_read_idx) \
 ? (*(s) = (self)->input_buffer + (self)->next_read_idx, \
 (self)->next_read_idx += (n), \
 (n)) \
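Review bot: The rewritten bound in `_Unpickler_Read` is only sound if `n` is non-negative and `next_read_idx` never exceeds `input_len`, and neither precondition is stated in the comment above the macro or checked in the fast path. The field types are not visible in this hunk, but if they are signed, a negative `n` would satisfy `(n) <= (self)->input_len - (self)->next_read_idx` and `(self)->next_read_idx += (n)` would then step the index backwards. Since read lengths are decoded from the pickle stream, I would record the contract in the comment, for example `Callers must pass n >= 0; next_read_idx <= input_len is an invariant, so the subtraction cannot overflow.` The macro continues past the end of the hunk, so whether the fallback branch validates `n` cannot be judged from here. The changeset lists only Modules/_pickle.c, so a regression test feeding an oversized length would be worth adding alongside the fix.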