Message129206
Antoine is right; my patch is only of "discussion" quality, and if my approach gets support, I will produce a more polished patch.
While I am fairly certain that this bug should be fixed where it was introduced, namely in the _pickle module, I am not sure patching both load_binstring() and load_short_binstring() is the right approach.
It may be better to modify _Unpickler_Read() so that it returns self->input_buffer (or even self->input_buffer + self->next_read_idx) for zero n. This would be a cleaner design similar to that for PyMem_Malloc() et al. (Since _Unpickler_Read() is private API and the comment documenting it does not specify that it returns NULL for n = 0, I think this can be done in a bugfix release. Furthermore, I reviewed the uses of _Unpickler_Read() with variable and thus potentially zero size and one of them is followed by a null check for s.)
On the other hand, my patch also eliminates a redundant call to _Unpickler_Read() and makes the load_binstring() and load_short_binstring() logic similar to that in load_counted_long(). The main advantage, of course, is skipping PyUnicode_Decode(), which will load a codec, potentially triggering an import and execution of Python code.

Date | User | Action | Args
2011-02-23 15:15:31 | belopolsky | set | recipients: + belopolsky, lemburg, georg.brandl, jcea, mark.dickinson, ncoghlan, pitrou
2011-02-23 15:15:31 | belopolsky | set | messageid: <1298474131.25.0.33633579283.issue11286@psf.upfronthosting.co.za>
2011-02-23 15:15:30 | belopolsky | link | issue11286 messages
2011-02-23 15:15:30 | belopolsky | create |
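
The zero-length read question from the message, as an added C sketch that is not part of the original message and not CPython's _pickle source. toy_reader, toy_read, load_short_string, count_loaded and the null_on_zero switch are hypothetical names, and that the existing read returns NULL for n = 0 is an assumption taken from the message's wording.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical toy reader; field names echo the message, the code is not CPython's. */
typedef struct {
    const char *input_buffer;
    size_t input_len, next_read_idx;
    int null_on_zero; /* 1: NULL for n == 0 (assumed old behaviour), 0: proposed */
} toy_reader;
/* Constructed sample: an empty string (length byte 0), then "abc" (length byte 3). */
static const char SAMPLE[] = "\x00\x03" "abc";

/* NULL when fewer than n bytes remain; otherwise a pointer to the next n bytes. */
static const char *toy_read(toy_reader *r, size_t n)
{
    if (n > r->input_len - r->next_read_idx || (n == 0 && r->null_on_zero))
        return NULL;
    r->next_read_idx += n;
    return r->input_buffer + r->next_read_idx - n;
}

/* One length byte, then the payload; the caller null-checks every read. */
static int load_short_string(toy_reader *r, char *out, size_t outsz)
{
    const char *s = toy_read(r, 1);
    if (s == NULL) return -1;
    size_t n = (unsigned char)s[0];
    if (n >= outsz || (s = toy_read(r, n)) == NULL)
        return -1; /* a valid empty payload ends up here when n == 0 gives NULL */
    memcpy(out, s, n);
    out[n] = '\0';
    return (int)n;
}

/* Number of strings decoded from SAMPLE before the first error. */
static int count_loaded(int null_on_zero)
{
    toy_reader r = { SAMPLE, sizeof SAMPLE - 1, 0, null_on_zero };
    char out[16];
    int count = 0;
    while (r.next_read_idx < r.input_len && load_short_string(&r, out, sizeof out) >= 0)
        count++;
    return count;
}

int main(void)
{
    printf("NULL on zero: %d, pointer on zero: %d\n", count_loaded(1), count_loaded(0));
    return 0;
}
```

With the NULL-on-zero reader the null check rejects the empty string and nothing is decoded; with a non-NULL pointer for zero n, NULL means only a short read and both strings load.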