[Python-bugs-list] [ python-Bugs-593656 ] pickle/cPickle incompatibility
noreply@sourceforge.net
noreply@sourceforge.net
Sun, 11 Aug 2002 07:10:02 -0700
Bugs item #593656, was opened at 2002-08-11 09:50
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=593656&group_id=5470
Category: Python Library
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: atsuo ishimoto (ishimoto)
Assigned to: Nobody/Anonymous (nobody)
Summary: pickle/cPickle incompatibility
Initial Comment:
In the following case, I found pickle doesn't detect
insecure string
whereas cPickle does.
>>> import pickle, cPickle
>>> pickle.loads("S'\x5c'\np0\n.")
Traceback (most recent call last):
File "<stdin>", line 1, in ?
File "/usr/local/lib/python2.1/pickle.py", line
951, in loads
return Unpickler(file).load()
File "/usr/local/lib/python2.1/pickle.py", line
567, in load
dispatch[key](self)
File "/usr/local/lib/python2.1/pickle.py", line
635, in load_string
{'__builtins__': {}})) # Let's be careful
File "<string>", line 1
'\'
^
SyntaxError: invalid token
>>> cPickle.loads("S'\x5c'\np0\n.")
Traceback (most recent call last):
File "<stdin>", line 1, in ?
ValueError: insecure string pickle
>>>
This is because pickle.Unpickler._is_string_secure()
return 1 if string
contains one or more quote characters, whether
they are escaped or not.
----------------------------------------------------------------------
>Comment By: Guido van Rossum (gvanrossum)
Date: 2002-08-11 10:10
Message:
Logged In: YES
user_id=6380
I assume patch #505705 will fix this too.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=593656&group_id=5470