This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: pickle/cPickle incompatibility
Type: Stage:
Components: Library (Lib) Versions:
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: gvanrossum, ishimoto, loewis
Priority: normal Keywords:

Created on 2002-08-11 13:50 by ishimoto, last changed 2022-04-10 16:05 by admin. This issue is now closed.

Messages (3)
msg11904 - (view) Author: Atsuo Ishimoto (ishimoto) * Date: 2002-08-11 13:50 
In the following case, I found pickle doesn't detect 
insecure string
whereas cPickle does.

>>> import pickle, cPickle
>>> pickle.loads("S'\x5c'\np0\n.")
Traceback (most recent call last):
  File "<stdin>", line 1, in ?
  File "/usr/local/lib/python2.1/pickle.py", line 
951, in loads
    return Unpickler(file).load()
  File "/usr/local/lib/python2.1/pickle.py", line 
567, in load
    dispatch[key](self)
  File "/usr/local/lib/python2.1/pickle.py", line 
635, in load_string
    {'__builtins__': {}})) # Let's be careful
  File "<string>", line 1
    '\'
     ^
SyntaxError: invalid token
>>> cPickle.loads("S'\x5c'\np0\n.")
Traceback (most recent call last):
  File "<stdin>", line 1, in ?
ValueError: insecure string pickle
>>>


This is because pickle.Unpickler._is_string_secure() 
return 1 if string
contains one or more quote characters, whether 
they are escaped or not.
msg11905 - (view) Author: Guido van Rossum (gvanrossum) * (Python committer) Date: 2002-08-11 14:10 
Logged In: YES 
user_id=6380

I assume patch #505705 will fix this too.
msg11906 - (view) Author: Martin v. Löwis (loewis) * (Python committer) Date: 2002-08-14 08:23 
Logged In: YES 
user_id=21627

This is fixed with

stringobject.c 2.178;
pickletester.py 1.19;
History
Date User Action Args
2022-04-10 16:05:35adminsetgithub: 37015
2002-08-11 13:50:46ishimotocreate