[issue9965] Loading malicious pickle may cause excessive memory usage
report at bugs.python.org
Tue Sep 28 02:07:48 CEST 2010
New submission from Alexandre Vassalotti <alexandre at peadrop.com>:
This was mentioned during the review of issue #9410
(http://codereview.appspot.com/1694050/diff/2001/3001#newcode347), however we forgot to fix this.
The new array-based memo for the Unpickler class assumes incorrectly that memo indices are always contiguous. This is not the case. And due to this, the following pickle will cause Unpickler to use about 3GB of memory to store the memo array.
./python -c "import pickle; pickle.loads(b'\x80\x02]r\xff\xff\xff\x06.')"
To fix this, we can add code to fall-back to a dictionary-based memo when the memo keys are not contiguous.
components: Extension Modules
stage: needs patch
title: Loading malicious pickle may cause excessive memory usage
versions: Python 3.2
Python tracker <report at bugs.python.org>
More information about the Python-bugs-list