Message255571
Proposed patch allows unpickler to detect errors related to reading a stack behind a mark.
For now Python implementation just pops a sentinel used as a mark. This can cause TypeError, AttributeError or UnpicklingError besides IndexError:
>>> pickle._loads(b'}(NNs.')
Traceback (most recent call last):
...
TypeError: 'object' object does not support item assignment
>>> pickle._loads(b'](Na.')
Traceback (most recent call last):
...
AttributeError: 'object' object has no attribute 'append'
Or can silently expose the mark object:
>>> pickle._loads(b')(.')
<object object at 0xb71084b0>
>>> pickle._loads(b']](a.')
[<object object at 0xb71084d8>]
C implementation just ignores incorrect mark:
>>> pickle.loads(b'}(NNs.')
{None: None}
>>> pickle.loads(b'](Na.')
[None]
>>> pickle.loads(b')(.')
()
>>> pickle.loads(b']](a.')
[[]]
But in case of complex data this can cause errors later.
With the patch C implementation always raises UnpicklingError with relevant message and Python implementation always raises IndexError.
>>> pickle.loads(b'}(NNs.')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
NameError: name 'pickle' is not defined
>>> import pickle, pickletools
>>> pickle.loads(b'}(NNs.')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
_pickle.UnpicklingError: unexpected MARK found
>>> pickle.loads(b'](Na.')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
_pickle.UnpicklingError: unexpected MARK found
>>> pickle.loads(b')(.')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
_pickle.UnpicklingError: unexpected MARK found
>>> pickle.loads(b']](a.')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
_pickle.UnpicklingError: unexpected MARK found
>>> pickle._loads(b'}(NNs.')
Traceback (most recent call last):
...
IndexError: list index out of range
>>> pickle._loads(b'](Na.')
Traceback (most recent call last):
...
IndexError: list index out of range
>>> pickle._loads(b')(.')
Traceback (most recent call last):
...
IndexError: pop from empty list
>>> pickle._loads(b']](a.')
Traceback (most recent call last):
...
IndexError: pop from empty list |
|
Date |
User |
Action |
Args |
2015-11-29 12:19:35 | serhiy.storchaka | set | recipients:
+ serhiy.storchaka, python-dev |
2015-11-29 12:19:34 | serhiy.storchaka | set | messageid: <1448799574.89.0.942841289288.issue25761@psf.upfronthosting.co.za> |
2015-11-29 12:19:34 | serhiy.storchaka | link | issue25761 messages |
2015-11-29 12:19:34 | serhiy.storchaka | create | |
|