Serhiy Storchaka added the comment:
The simplest example:
import marshal
t = [],
t[0].append(t)
b = marshal.dumps(t)
b = bytearray(b)
b[2] = b'<'[0]
marshal.loads(b)
Create a recursive tuple containing a list containing a reference to original
tuple. Marshal it and replace TYPE_LIST ('[') by TYPE_SET ('<'). Now marshalled
data contains a recursive tuple containing a set containing a reference to
original tuple. When a tuple is added to a set, it still is not initialized,
and hash is calculated on a uninitialized tuple.
I believe it is not possible to create such structure without hacking marhal
data or using C API. And it is hard to protect from such situation in marshal.c.
----------
nosy: +serhiy.storchaka
_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue27826>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
