Author serhiy.storchaka
Recipients barry, christian.heimes, kristjan.jonsson, pitrou, ronaldoussoren, serhiy.storchaka, vstinner
Date 2013-10-11.13:10:54
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1381497054.83.0.689078566159.issue19219@psf.upfronthosting.co.za>
In-reply-to
Content
> The marshal module is not intended to be secure against erroneous or maliciously constructed data. Never unmarshal data received from an untrusted or unauthenticated source.

Then we can simplify the marshal module by dropping all error handling: f.read() returned not bytes, read() returned too much data, EOF read where not expected, recursion limit exceeded, long/string/unicode/tuple/list/set size out of range, unnormalized long data, digit out of range in long, index list too large, invalid reference, unknown type code, NULL object in marshal data for set, UTF8 decoding errors, string to float converting errors, etc, etc. Sorry for sarcasm.

> It's exactly what you suggest: reuse PyUnicode_AsUTF8String().

Actually _PyUnicode_UTF8(). PyUnicode_AsUTF8String() creates UTF8 cache if it is not exists and this can be not desired. We could use this optimization in many other places, in particular in PyUnicode_AsUTF8String() itself.
History
Date User Action Args
2013-10-11 13:10:54serhiy.storchakasetrecipients: + serhiy.storchaka, barry, ronaldoussoren, pitrou, kristjan.jonsson, vstinner, christian.heimes
2013-10-11 13:10:54serhiy.storchakasetmessageid: <1381497054.83.0.689078566159.issue19219@psf.upfronthosting.co.za>
2013-10-11 13:10:54serhiy.storchakalinkissue19219 messages
2013-10-11 13:10:54serhiy.storchakacreate