This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author boogenhagn
Recipients boogenhagn
Date 2009-07-23.15:15:17
SpamBayes Score 1.1640031e-07
Marked as misclassified No
Message-id <1248362119.25.0.536343582132.issue6553@psf.upfronthosting.co.za>
In-reply-to
Content 
When reading from a file-like object (like StringIO), cPickle uses the
read_other function, which doesn't check that the number of bytes
requested is the actual number of bytes read (like the read_cStringIO
function does).

Functions like load_binunicode falsely assume that the number of bytes
specified after the BINUNICODE instruction are the actual number of
bytes read.  This can eventually lead to a segmentation fault, as
demonstrated in the following example:

import cPickle, StringIO

cPickle.Unpickler(StringIO.StringIO("X''.")).load()


I have tested and reproduced this on Python 2.4.6 (OS X 32-bit), 2.5.1
(OS X 32-bit), and 2.6.2 (Linux 64-bit).

I have not tested Python 3.x, but I believe this problem may be akin to
the one in issue4298.
History
Date User Action Args
2009-07-23 15:15:19boogenhagnsetrecipients: + boogenhagn
2009-07-23 15:15:19boogenhagnsetmessageid: <1248362119.25.0.536343582132.issue6553@psf.upfronthosting.co.za>
2009-07-23 15:15:17boogenhagnlinkissue6553 messages
2009-07-23 15:15:17boogenhagncreate