pickle segfault or MemoryError on invalid input #48548

Closed
hagen mannequin opened this issue Nov 11, 2008 · 3 comments
Labels: stdlib (Python modules in the Lib dir), type-crash (A hard crash of the interpreter, possibly with a core dump)


hagen mannequin commented Nov 11, 2008

BPO: 4298
Nosy: @amauryfa
Files:
  • py3k_set_EOFError_when_invalid_result_size.patch

Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    GitHub fields:

    assignee = None
    closed_at = <Date 2008-11-11.20:05:39.117>
    created_at = <Date 2008-11-11.15:07:50.618>
    labels = ['library', 'type-crash']
    title = 'pickle segfault or MemoryError on invalid input'
    updated_at = <Date 2008-11-11.20:05:39.058>
    user = 'https://bugs.python.org/hagen'

    bugs.python.org fields:

    activity = <Date 2008-11-11.20:05:39.058>
    actor = 'amaury.forgeotdarc'
    assignee = 'none'
    closed = True
    closed_date = <Date 2008-11-11.20:05:39.117>
    closer = 'amaury.forgeotdarc'
    components = ['Library (Lib)']
    creation = <Date 2008-11-11.15:07:50.618>
    creator = 'hagen'
    dependencies = []
    files = ['11987']
    hgrepos = []
    issue_num = 4298
    keywords = ['patch']
    message_count = 3.0
    messages = ['75743', '75748', '75758']
    nosy_count = 3.0
    nosy_names = ['amaury.forgeotdarc', 'ocean-city', 'hagen']
    pr_nums = []
    priority = 'normal'
    resolution = 'fixed'
    stage = None
    status = 'closed'
    superseder = None
    type = 'crash'
    url = 'https://bugs.python.org/issue4298'
    versions = ['Python 3.0']


    hagen mannequin commented Nov 11, 2008

    On a 64-bit build pickle.loads segfaults on the following bytes. (Same
    for pickle.load on a corresponding file.) On a 32-bit build there is
    only a MemoryError.

    Python 3.0rc2 (r30rc2:67114, Nov 10 2008, 12:09:54)
    [GCC 4.1.2 20070925 (Red Hat 4.1.2-27)] on linux2
    Type "help", "copyright", "credits" or "license" for more information.
    >>> import pickle
    >>> pickle.loads(bytes([0x58, 0, 0, 0, 0x54]))
    Segmentation fault

    hagen mannequin added the stdlib and type-crash labels Nov 11, 2008

    ocean-city mannequin commented Nov 11, 2008

    See trunk/Modules/cPickle.c(609).

    static Py_ssize_t
    read_cStringIO(Unpicklerobject *self, char **s, Py_ssize_t  n)
    {
    	char *ptr;
    
    	if (PycStringIO->cread((PyObject *)self->file, &ptr, n) != n) {
    		PyErr_SetNone(PyExc_EOFError);
    		return -1;
    	}
    	*s = ptr;
    
    	return n;
    }

    It checks the length of the returned string and, if it does not match,
    raises EOFError. But there is no corresponding code in py3k.

    I hope the attached patch will fix this issue.

    @amauryfa

    Fixed in r67187. Thanks for the report, and for the patch!

    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
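
The length check discussed in this thread, as an added example that is neither CPython's code nor the attached patch: a small C reader over an in-memory buffer that treats a short read as an error the way read_cStringIO does, run on the five bytes from the report. It relies on 0x58 being pickle's BINUNICODE opcode (a 4-byte little-endian length followed by the data); `stream`, `checked_read` and `parse_binunicode` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define OP_BINUNICODE 0x58 /* 'X': 4-byte little-endian length, then UTF-8 bytes */

/* Hypothetical in-memory input, standing in for the unpickler's file object. */
typedef struct { const unsigned char *buf; size_t len, pos; } stream;

/* Hand out n bytes only if all n are present; a short read is an error,
 * like the "!= n" test in read_cStringIO. Returns 0 on success, -1 at EOF. */
static int checked_read(stream *s, const unsigned char **out, size_t n)
{
    if (n > s->len - s->pos) /* pos never exceeds len, so no wraparound */
        return -1;
    *out = s->buf + s->pos;
    s->pos += n;
    return 0;
}

/* Decode one BINUNICODE record from buf. Returns 0 and sets *data on success,
 * -1 on a wrong opcode or truncated input. *size receives the declared
 * length as soon as it has been read, even if the payload is missing. */
static int parse_binunicode(const unsigned char *buf, size_t len,
                            const unsigned char **data, uint32_t *size)
{
    stream s = { buf, len, 0 };
    const unsigned char *p;
    if (checked_read(&s, &p, 1) < 0 || p[0] != OP_BINUNICODE)
        return -1;
    if (checked_read(&s, &p, 4) < 0)
        return -1;
    *size = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
            (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    /* The length comes from untrusted input: check it against what is
     * actually available before anything uses it as a size. */
    return checked_read(&s, data, *size);
}

int main(void)
{
    /* The five bytes from the report: opcode, length 0x54000000, no payload. */
    static const unsigned char truncated[] = { 0x58, 0, 0, 0, 0x54 };
    const unsigned char *data;
    uint32_t size = 0;
    int rc = parse_binunicode(truncated, sizeof truncated, &data, &size);
    printf("declared %u bytes, rc=%d\n", (unsigned)size, rc);
    return rc == -1 ? 0 : 1;
}
```

The reported input declares 1,409,286,144 bytes of string data and supplies none, so the checked read rejects it before the length is used for anything.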