Title: cPickle "binunicode" segmentation fault
Versions: Python 2.4, Python 2.6, Python 2.5
Status: closed
Resolution: fixed
Assigned To: amaury.forgeotdarc
Nosy List: amaury.forgeotdarc, boogenhagn
Priority: normal
Keywords: patch

Created on 2009-07-23 15:15 by boogenhagn, last changed 2022-04-11 14:56 by admin. This issue is now closed.

Files:
pickle_badinput.patch (uploaded by amaury.forgeotdarc, 2009-07-23 16:44)

Messages (3)
msg90847 - Author: Patrick Strawderman (boogenhagn) Date: 2009-07-23 15:15
When reading from a file-like object (like StringIO), cPickle uses the
read_other function, which doesn't check that the number of bytes
requested is the actual number of bytes read (like the read_cStringIO
function does).

Functions like load_binunicode falsely assume that the number of bytes
specified after the BINUNICODE instruction is the actual number of
bytes read. This can eventually lead to a segmentation fault, as
demonstrated in the following example:

import cPickle, StringIO


I have tested and reproduced this on Python 2.4.6 (OS X 32-bit), 2.5.1
(OS X 32-bit), and 2.6.2 (Linux 64-bit).

I have not tested Python 3.x, but I believe this problem may be akin to
the one in issue4298.

msg90848 - Author: Amaury Forgeot d'Arc (amaury.forgeotdarc) (Python committer) Date: 2009-07-23 16:44
Attached patch fixes the problem.

msg90865 - Author: Amaury Forgeot d'Arc (amaury.forgeotdarc) (Python committer) Date: 2009-07-23 22:36
Fixed in r74189 (trunk) and r74190 (2.6)
Thanks for the report!
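
The check the first message describes as missing from read_other, shown as an added Python 3 example (not code from the report, the attached patch, or cPickle): every read from a file-like object is compared against the declared BINUNICODE length, and a short read is rejected instead of being treated as complete. ShortReadError, read_exact, load_binunicode_checked, DribbleReader, the max_len cap and the sample records are assumptions constructed for illustration.

```python
import io
import pickle
import struct


class ShortReadError(EOFError):
    """The file-like object returned fewer bytes than were requested."""


def read_exact(fileobj, n):
    """Return exactly n bytes; loop over partial reads and fail on early EOF."""
    chunks, remaining = [], n
    while remaining:
        chunk = fileobj.read(remaining)
        if not chunk:  # EOF before the declared length was satisfied
            raise ShortReadError(f"wanted {n} bytes, got {n - remaining}")
        chunks.append(chunk)
        remaining -= len(chunk)
    return b"".join(chunks)


def load_binunicode_checked(fileobj, max_len=1 << 20):
    """Decode one BINUNICODE record: opcode, 4-byte LE length, UTF-8 payload."""
    if read_exact(fileobj, 1) != pickle.BINUNICODE:
        raise ValueError("not a BINUNICODE record")
    (length,) = struct.unpack("<I", read_exact(fileobj, 4))
    if length > max_len:  # max_len is an assumed policy cap, not a pickle rule
        raise ValueError(f"declared length {length} exceeds cap {max_len}")
    return read_exact(fileobj, length).decode("utf-8")


class DribbleReader:
    """Constructed file-like object that hands back at most 2 bytes per read()."""
    def __init__(self, data):
        self._buf = io.BytesIO(data)
    def read(self, n):
        return self._buf.read(min(n, 2))


# Constructed sample records (not taken from the report).
PAYLOAD = "h\u00e9llo".encode("utf-8")
GOOD = pickle.BINUNICODE + struct.pack("<I", len(PAYLOAD)) + PAYLOAD
TRUNCATED = GOOD[:-3]  # length prefix still says 6, only 3 payload bytes follow

if __name__ == "__main__":
    print(load_binunicode_checked(DribbleReader(GOOD)))
    try:
        load_binunicode_checked(io.BytesIO(TRUNCATED))
    except ShortReadError as exc:
        print("rejected:", exc)
```
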

Date | User | Action | Args
2022-04-11 14:56:51 | admin | set | github: 50802
2009-07-23 22:36:19 | amaury.forgeotdarc | set | status: open -> closed; resolution: fixed; messages: + msg90865
2009-07-23 16:44:08 | amaury.forgeotdarc | set | files: + pickle_badinput.patch; nosy: + amaury.forgeotdarc; messages: + msg90848; assignee: amaury.forgeotdarc; keywords: + patch
2009-07-23 15:15:18 | boogenhagn | create |