[New-bugs-announce] [issue42898] pickle.loads() crashes interpreter on invalid input
Kale Kundert
report at bugs.python.org
Mon Jan 11 16:12:27 EST 2021
New submission from Kale Kundert <kale at thekunderts.net>:
I expect `pickle.loads()` to raise `_pickle.UnpicklingError` for any invalid input, but for the specific example shown below, the interpreter crashes after attempting to allocate >16GB of memory. Note that this input does not have the pickle header (b'0x80'), so it should be easy to distinguish from valid input.
$ python
Python 3.8.2 (default, Apr 13 2020, 11:02:04)
[Clang 9.0.1 ] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import pickle
>>> pickle.loads(b'January 11')
[1] 624227 killed python3
----------
messages: 384865
nosy: kalekundert
priority: normal
severity: normal
status: open
title: pickle.loads() crashes interpreter on invalid input
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue42898>
_______________________________________
More information about the New-bugs-announce
mailing list