This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Title: Add pickle.loads fuzz test
Type: security Stage: resolved
Components: Tests Versions: Python 3.10
Status: closed Resolution: rejected
Dependencies: Superseder:
Assigned To: gregory.p.smith Nosy List: Bruce Day, gregory.p.smith
Priority: normal Keywords:

Created on 2020-07-03 10:48 by Bruce Day, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 21289 closed Bruce Day, 2020-07-03 10:48
Messages (2)
msg372916 - (view) Author: Bruce Day (Bruce Day) Date: 2020-07-03 10:48
add pickle.loads(x) fuzz test
msg381880 - (view) Author: Gregory P. Smith (gregory.p.smith) * (Python committer) Date: 2020-11-26 07:24
Given that pickle is documented as:

Warning The pickle module is not secure. Only unpickle data you trust.

It is possible to construct malicious pickle data which will execute arbitrary code during unpickling.

What is fuzzing pickle.loads() expected to accomplish?
Date User Action Args
2022-04-11 14:59:33adminsetgithub: 85372
2021-03-14 02:22:03gregory.p.smithsetstatus: open -> closed
resolution: rejected
stage: resolved
2020-11-26 07:24:08gregory.p.smithsetassignee: gregory.p.smith

messages: + msg381880
nosy: + gregory.p.smith
2020-07-03 10:48:09Bruce Daycreate