Title: Add pickle.loads fuzz test
Type: security Stage:
Components: Tests Versions: Python 3.10
Status: open Resolution:
Dependencies: Superseder:
Assigned To: gregory.p.smith Nosy List: Bruce Day, gregory.p.smith
Priority: normal Keywords:

Created on 2020-07-03 10:48 by Bruce Day, last changed 2020-11-26 07:24 by gregory.p.smith.

Pull Requests
URL Status Linked Edit
PR 21289 open Bruce Day, 2020-07-03 10:48
Messages (2)
msg372916 - (view) Author: Bruce Day (Bruce Day) Date: 2020-07-03 10:48
add pickle.loads(x) fuzz test
msg381880 - (view) Author: Gregory P. Smith (gregory.p.smith) * (Python committer) Date: 2020-11-26 07:24
Given that pickle is documented as:

Warning The pickle module is not secure. Only unpickle data you trust.

It is possible to construct malicious pickle data which will execute arbitrary code during unpickling.

What is fuzzing pickle.loads() expected to accomplish?
Date User Action Args
2020-11-26 07:24:08gregory.p.smithsetassignee: gregory.p.smith

messages: + msg381880
nosy: + gregory.p.smith
2020-07-03 10:48:09Bruce Daycreate