Message117494
As an example of malicious pickle causing "excessive" memory usage, you can simply write:
>> import pickle, pickletools
>>> s = b'\x80\x03cbuiltins\nbytearray\nq\x00J\x00\x00\x00\x7f\x85q\x01Rq\x02.'
>>> _ = pickle.loads(s)
This will allocate an almost 2GB bytearray. You can of course change the size as you like. Here is the disassembly:
>>> pickletools.dis(s)
    0: \x80 PROTO      3
    2: c    GLOBAL     'builtins bytearray'
   22: q    BINPUT     0
   24: J    BININT     2130706432
   29: \x85 TUPLE1
   30: q    BINPUT     1
   32: R    REDUCE
   33: q    BINPUT     2
   35: .    STOP
highest protocol among opcodes = 2
Therefore, I would recommend closing this issue.

Author: pitrou
Date: 2010-09-28 00:27:18
Issue: issue9965
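A defensive counterpart to the payload above, added here as an example and not part of the original tracker message: it statically scans a pickle with pickletools.genops for the GLOBAL/REDUCE opcodes the payload relies on, and loads untrusted data through an Unpickler whose find_class refuses every global, so builtins.bytearray is never resolved and the allocation never happens. The benign sample pickle and the DANGEROUS_OPCODES policy set are constructed for this example.

```python
import io
import pickle
import pickletools

# The pickle from the message above: REDUCE calls builtins.bytearray(2130706432).
MALICIOUS_PICKLE = b'\x80\x03cbuiltins\nbytearray\nq\x00J\x00\x00\x00\x7f\x85q\x01Rq\x02.'

# Constructed benign sample: a plain dict, which needs no GLOBAL or REDUCE at all.
BENIGN_PICKLE = pickle.dumps({"user": "alice", "count": 3}, protocol=3)

# Opcodes that resolve or call arbitrary objects; pure-data pickles never need them.
# (Policy set chosen for this example; tighten or loosen for your own formats.)
DANGEROUS_OPCODES = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ",
                     "NEWOBJ", "NEWOBJ_EX", "BUILD"}


def scan_pickle(data: bytes) -> list:
    """Return (offset, opcode_name, argument) for every dangerous opcode,
    without executing the pickle. Works on the raw bytes only."""
    return [(pos, op.name, arg)
            for op, arg, pos in pickletools.genops(data)
            if op.name in DANGEROUS_OPCODES]


class RestrictedUnpickler(pickle.Unpickler):
    """find_class is consulted for every GLOBAL/STACK_GLOBAL; refusing all of
    them means REDUCE has nothing to call, so the 2 GB bytearray is never built."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_safe(data: bytes) -> bool:
    """True only if the static scan is clean and the restricted load succeeds."""
    if scan_pickle(data):
        return False
    try:
        restricted_loads(data)
    except pickle.UnpicklingError:
        return False
    return True


if __name__ == "__main__":
    print(scan_pickle(MALICIOUS_PICKLE))   # GLOBAL at offset 2, REDUCE at offset 32
    print(is_safe(MALICIOUS_PICKLE), is_safe(BENIGN_PICKLE))
```

The static scan runs first so a payload is rejected before any bytes are fed to the unpickler; the restricted loader is the second layer for formats where a scan alone is not enough.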