This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Title: pickle.loads() crashes interpreter on invalid input
Type: crash Stage: resolved
Components: Versions: Python 3.8
Status: closed Resolution: not a bug
Dependencies: Superseder:
Assigned To: Nosy List: christian.heimes, kalekundert
Priority: normal Keywords:

Created on 2021-01-11 21:12 by kalekundert, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Messages (2)
msg384865 - (view) Author: Kale Kundert (kalekundert) Date: 2021-01-11 21:12
I expect `pickle.loads()` to raise `_pickle.UnpicklingError` for any invalid input, but for the specific example shown below, the interpreter crashes after attempting to allocate >16GB of memory.  Note that this input does not have the pickle header (b'0x80'), so it should be easy to distinguish from valid input.

$ python
Python 3.8.2 (default, Apr 13 2020, 11:02:04) 
[Clang 9.0.1 ] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import pickle
>>> pickle.loads(b'January 11')
[1]    624227 killed     python3
msg384866 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2021-01-11 21:59
The pickle module is not safe against malicious or faulty data. Invalid data can cause code injects or even segfaults. It's a know and documented behavior,
Date User Action Args
2022-04-11 14:59:40adminsetgithub: 87064
2021-01-11 21:59:43christian.heimessetstatus: open -> closed

nosy: + christian.heimes
messages: + msg384866

resolution: not a bug
stage: resolved
2021-01-11 21:13:06kalekundertsettype: crash
versions: + Python 3.8
2021-01-11 21:12:27kalekundertcreate