From 4547443a970a4a90e80886b9ac3cff1da0d25118 Mon Sep 17 00:00:00 2001
From: Sebastien Binet <binet@cern.ch>
Date: Thu, 21 Mar 2024 15:38:17 +0100
Subject: [PATCH] pickle: handle odd stack items length

loadDict was assuming the items slice popped from the stack was always even.
in the odd case where it was odd, an out-of-bound access was issued.

Fixes #16.

Signed-off-by: Sebastien Binet <binet@cern.ch>
---
 pickle/pickle.go      |  4 ++--
 pickle/pickle_test.go | 15 +++++++++++++++
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/pickle/pickle.go b/pickle/pickle.go
index 9ac0269..c8a9b5e 100644
--- a/pickle/pickle.go
+++ b/pickle/pickle.go
@@ -948,8 +948,8 @@ func loadDict(u *Unpickler) error {
 		return err
 	}
 	d := types.NewDict()
-	itemsLen := len(items)
-	for i := 0; i < itemsLen; i += 2 {
+	n := len(items)
+	for i := 0; i < n-1; i += 2 {
 		d.Set(items[i], items[i+1])
 	}
 	u.append(d)
diff --git a/pickle/pickle_test.go b/pickle/pickle_test.go
index fade21a..709465d 100644
--- a/pickle/pickle_test.go
+++ b/pickle/pickle_test.go
@@ -6,6 +6,7 @@ package pickle
 
 import (
 	"fmt"
+	"io"
 	"math/big"
 	"reflect"
 	"strings"
@@ -754,6 +755,20 @@ func TestP4Carray(t *testing.T) {
 	}
 }
 
+func TestIssue16(t *testing.T) {
+	var (
+		pkl  = "\x28\x88\x88\x88\x88\x88\x88\x88\x64"
+		want = io.EOF
+	)
+	_, err := Loads(pkl)
+	if err == nil {
+		t.Fatalf("expected an error")
+	}
+	if got, want := err.Error(), want.Error(); got != want {
+		t.Fatalf("invalid error:\ngot= %q\nwant=%q", got, want)
+	}
+}
+
 // TODO: test BinPersId
 // TODO: test Get
 // TODO: test BinGet