Serhiy Storchaka added the comment:
One funny thing is that the same data can produce different result when
unpickled with pickle and cPickle in 2.x. But unlikely it is larger
vulnerability than using unpickling at all.
Just FYI:
PyPy 2.2.1:
>>>> import pickle, cPickle
>>>> pickle.loads(b'I010\n.')
10
>>>> cPickle.loads(b'I010\n.')
10
>>>> pickle.loads(b'L010\n.')
8L
>>>> cPickle.loads(b'L010\n.')
8L
Jython 2.5.3:
>>> import pickle, cPickle
>>> pickle.loads('I010\n.')
10
>>> cPickle.loads('I010\n.')
10
>>> pickle.loads('L010L\n.')
8L
>>> cPickle.loads('L010L\n.')
10L
----------
resolution: -> not a bug
stage: -> resolved
status: open -> closed
_______________________________________
Python tracker <[email protected]>
<http://bugs.python.org/issue25248>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
