Message90847
When reading from a file-like object (like StringIO), cPickle uses the
read_other function, which doesn't check that the number of bytes
requested is the actual number of bytes read (like the read_cStringIO
function does).
Functions like load_binunicode falsely assume that the number of bytes
specified after the BINUNICODE instruction is the actual number of
bytes read. This can eventually lead to a segmentation fault, as
demonstrated in the following example:

    import cPickle, StringIO
    # 'X' is the BINUNICODE opcode; only 3 bytes follow where a 4-byte length is expected
    cPickle.Unpickler(StringIO.StringIO("X''.")).load()

I have tested and reproduced this on Python 2.4.6 (OS X 32-bit), 2.5.1
(OS X 32-bit), and 2.6.2 (Linux 64-bit).
I have not tested Python 3.x, but I believe this problem may be akin to
the one in issue4298.

Date | User | Action | Args
2009-07-23 15:15:19 | boogenhagn | set | recipients: + boogenhagn
2009-07-23 15:15:19 | boogenhagn | set | messageid: <1248362119.25.0.536343582132.issue6553@psf.upfronthosting.co.za>
2009-07-23 15:15:17 | boogenhagn | link | issue6553 messages
2009-07-23 15:15:17 | boogenhagn | create |
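
The missing short-read check described in the message, shown as an added example that is not part of the original report and is not CPython's code. Stream, stream_read, read_exact and parse_binunicode are hypothetical names; the record layout (opcode 'X', 4-byte little-endian length, payload) is the pickle BINUNICODE format, and the sample inputs are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a file-like object: a read may return fewer
   bytes than requested, as StringIO does at end of data. */
typedef struct { const unsigned char *data; size_t len, pos; } Stream;

static size_t stream_read(Stream *s, unsigned char *dst, size_t n) {
    size_t avail = s->len - s->pos;
    if (n > avail) n = avail;                 /* short read at end of data */
    memcpy(dst, s->data + s->pos, n);
    s->pos += n;
    return n;
}

/* The check the report says is missing: succeed only if exactly n bytes arrived. */
static int read_exact(Stream *s, unsigned char *dst, size_t n) {
    return stream_read(s, dst, n) == n ? 0 : -1;
}

/* Parse one BINUNICODE record into out. Returns the payload length,
   or -1 if the input is truncated or the declared length exceeds outcap. */
long parse_binunicode(const unsigned char *buf, size_t buflen,
                      unsigned char *out, size_t outcap) {
    Stream s = { buf, buflen, 0 };
    unsigned char op, lenbytes[4];
    uint32_t n;

    if (read_exact(&s, &op, 1) < 0 || op != 'X') return -1;
    if (read_exact(&s, lenbytes, 4) < 0) return -1;   /* truncated length field */
    n = (uint32_t)lenbytes[0] | (uint32_t)lenbytes[1] << 8 |
        (uint32_t)lenbytes[2] << 16 | (uint32_t)lenbytes[3] << 24;
    if (n > outcap) return -1;                        /* declared length too large */
    if (read_exact(&s, out, n) < 0) return -1;        /* payload shorter than declared */
    return (long)n;
}

int main(void) {
    unsigned char out[16];
    /* The report's input: opcode plus only 3 of the 4 length bytes. */
    printf("%ld\n", parse_binunicode((const unsigned char *)"X''.", 4, out, sizeof out));
    /* Constructed well-formed record: length 3, payload "abc". */
    printf("%ld\n", parse_binunicode((const unsigned char *)"X\x03\x00\x00\x00" "abc.", 9, out, sizeof out));
    return 0;
}
```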