Antoine Pitrou <[email protected]> added the comment:
As an example of a malicious pickle causing "excessive" memory usage, you can
simply write:
>>> import pickle, pickletools
>>> s = b'\x80\x03cbuiltins\nbytearray\nq\x00J\x00\x00\x00\x7f\x85q\x01Rq\x02.'
>>> _ = pickle.loads(s)
This will allocate an almost 2GB bytearray. You can of course change the size
as you like. Here is the disassembly:
>>> pickletools.dis(s)
    0: \x80 PROTO      3
    2: c    GLOBAL     'builtins bytearray'
   22: q    BINPUT     0
   24: J    BININT     2130706432
   29: \x85 TUPLE1
   30: q    BINPUT     1
   32: R    REDUCE
   33: q    BINPUT     2
   35: .    STOP
highest protocol among opcodes = 2
Therefore, I would recommend closing this issue.
----------
_______________________________________
Python tracker <[email protected]>
<http://bugs.python.org/issue9965>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com