New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pickling bound methods #36622
Comments
Last week I noticed that the pickle and cPickle modules Here is my code: import copy_reg
def pickle_bound_method(method):
return getattr, (method.im_self, method.__name__)
class _Foo:
def bar(self):
pass
_foo = _Foo()
copy_reg.constructor(getattr)
copy_reg.pickle(type(_foo.bar), pickle_bound_method) |
Logged In: YES Making getattr a safe_constructor has security implictions |
Logged In: YES Can you perhaps rewrite this to use new.instancemethod? |
Logged In: YES Of course: import copy_reg
def get_method(object, name):
klass = object.__class__
fn = klass.__dict__[name]
return new.instancemethod(fn, object, klass)
def pickle_bound_method(method):
return get_method, (method.im_self, method.__name__)
class _Foo:
def bar(self):
pass
_foo = _Foo()
copy_reg.constructor(get_method)
copy_reg.pickle(type(_foo.bar), pickle_bound_method) |
Logged In: YES That sounds good to me; I'm going to install it. |
Logged In: YES Reconsidering: It fails to work in the presence of >>> class B:
... def foo(self):pass
...
>>> class D(B):pass
...
>>> d = D()
>>> m = d.foo
>>> m.im_self
<__main__.D instance at 0x1ccb28>
>>> m.__name__
'foo'
>>> D.__dict__['foo']
Traceback (most recent call last):
File "<stdin>", line 1, in ?
KeyError: foo
>>> |
Logged In: YES True. Would it be a security problem to use getattr inside a def get_method(object, name):
klass = object.__class__
fn = getattr(klass, name)
return new.instancemethod(fn, object, klass) This would be difficult to abuse as a general getattr |
Logged In: YES My concern is that the getattr call already creates a |
Logged In: YES Any progress on this one? |
Logged In: YES There was some discussion on python-dev (initiated by |
Personally, I don't see how adding this feature would create a security Unless there is still a need for this feature, I think this bug should |
I am leaving this issue open for now. I reconsidered whether we should add pickle support for methods and I |
See also bpo-3657. For some reasons, C bound methods aliased as module globals can be pickled, but not similarly aliased Python bound methods: >>> random.random, random.seed
(<built-in method random of Random object at 0x27abe20>, <bound method Random.seed of <random.Random object at 0x27abe20>>)
>>> pickle.dumps(random.random)
b'\x80\x03crandom\nrandom\nq\x00.'
>>> pickle.dumps(random.seed)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/home/antoine/py3k/__svn__/Lib/pickle.py", line 1314, in dumps
Pickler(f, protocol, fix_imports=fix_imports).dump(obj)
_pickle.PicklingError: Can't pickle <class 'method'>: attribute lookup builtins.method failed |
Let's continue the discussion on bpo-9276. |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: