changeset: 97040:f6e399ae670f parent: 97034:3bbd0cbfe836 parent: 97039:d8229c26dd92 user: Serhiy Storchaka date: Fri Jul 24 09:07:12 2015 +0300 files: Misc/NEWS description: Issue #24620: Random.setstate() now validates the value of state last element. diff -r 3bbd0cbfe836 -r f6e399ae670f Lib/test/test_random.py --- a/Lib/test/test_random.py Fri Jul 24 00:43:44 2015 -0400 +++ b/Lib/test/test_random.py Fri Jul 24 09:07:12 2015 +0300 @@ -338,6 +338,11 @@ self.assertRaises(TypeError, self.gen.setstate, (2, ('a',)*625, None)) # Last element s/b an int also self.assertRaises(TypeError, self.gen.setstate, (2, (0,)*624+('a',), None)) + # Last element s/b between 0 and 624 + with self.assertRaises((ValueError, OverflowError)): + self.gen.setstate((2, (1,)*624+(625,), None)) + with self.assertRaises((ValueError, OverflowError)): + self.gen.setstate((2, (1,)*624+(-1,), None)) # Little trick to make "tuple(x % (2**32) for x in internalstate)" # raise ValueError. I cannot think of a simple way to achieve this, so diff -r 3bbd0cbfe836 -r f6e399ae670f Misc/NEWS --- a/Misc/NEWS Fri Jul 24 00:43:44 2015 -0400 +++ b/Misc/NEWS Fri Jul 24 09:07:12 2015 +0300 @@ -57,6 +57,8 @@ Library ------- +- Issue #24620: Random.setstate() now validates the value of state last element. + - Issue #22485: Fixed an issue that caused `inspect.getsource` to return incorrect results on nested functions. diff -r 3bbd0cbfe836 -r f6e399ae670f Modules/_randommodule.c --- a/Modules/_randommodule.c Fri Jul 24 00:43:44 2015 -0400 +++ b/Modules/_randommodule.c Fri Jul 24 09:07:12 2015 +0300 @@ -335,6 +335,10 @@ index = PyLong_AsLong(PyTuple_GET_ITEM(state, i)); if (index == -1 && PyErr_Occurred()) return NULL; + if (index < 0 || index > N) { + PyErr_SetString(PyExc_ValueError, "invalid state"); + return NULL; + } self->index = (int)index; Py_INCREF(Py_None);