https://github.com/python/cpython/commit/781294019db1247e6197d658cfcbc35c8c0ae25f
commit: 781294019db1247e6197d658cfcbc35c8c0ae25f
branch: main
author: Justin Applegate <[email protected]>
committer: serhiy-storchaka <[email protected]>
date: 2025-08-14T22:22:37+03:00
summary:
gh-135241: Make unpickling of booleans in protocol 0 more strict (GH-135242)
The Python pickle module looks for "00" and "01" but _pickle only looked
for 2 characters that parsed to 0 or 1, meaning some payloads like "+0" or
" 0" would lead to different results in different implementations.
files:
A Misc/NEWS.d/next/Library/2025-06-08-01-10-34.gh-issue-135241.5j18IW.rst
M Lib/test/pickletester.py
M Modules/_pickle.c
diff --git a/Lib/test/pickletester.py b/Lib/test/pickletester.py
index 9a3a26a8400844..1a7658b13fa5e3 100644
--- a/Lib/test/pickletester.py
+++ b/Lib/test/pickletester.py
@@ -1012,6 +1012,16 @@ def test_constants(self):
self.assertIs(self.loads(b'I01\n.'), True)
self.assertIs(self.loads(b'I00\n.'), False)
+ def test_issue135241(self):
+ # C implementation should check for hardcoded values 00 and 01
+ # when getting booleans from the INT opcode. Doing a str comparison
+ # to bypass truthy/falsy comparisons. These payloads should return
+ # 0, not False.
+ out1 = self.loads(b'I+0\n.')
+ self.assertEqual(str(out1), '0')
+ out2 = self.loads(b'I 0\n.')
+ self.assertEqual(str(out2), '0')
+
def test_zero_padded_integers(self):
self.assertEqual(self.loads(b'I010\n.'), 10)
self.assertEqual(self.loads(b'I-010\n.'), -10)
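Review bot: The new test_issue135241 only exercises payloads that parse to 0 (`b'I+0\n.'` and `b'I 0\n.'`), so the True side of the old `x == 0 || x == 1` check is never pinned. Adding `b'I+1\n.'` and `b'I 1\n.'`, which should load as the int 1 rather than True, would cover both values the C change tightens. Comparing `str(out1)` with `'0'` works but is indirect; `self.assertIs(type(out1), int)` followed by `self.assertEqual(out1, 0)` states the intent and gives a clearer failure message. Pickle streams are often parsed by more than one implementation, so pinning both to the same result for these near-boolean encodings is worth the extra lines. The trailing test_zero_padded_integers continues outside the hunk.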
diff --git
a/Misc/NEWS.d/next/Library/2025-06-08-01-10-34.gh-issue-135241.5j18IW.rst
b/Misc/NEWS.d/next/Library/2025-06-08-01-10-34.gh-issue-135241.5j18IW.rst
new file mode 100644
index 00000000000000..058ef11083e782
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2025-06-08-01-10-34.gh-issue-135241.5j18IW.rst
@@ -0,0 +1,3 @@
+The :code:`INT` opcode of the C accelerator :mod:`!_pickle` module was updated
+to look only for "00" and "01" to push booleans onto the stack, aligning with
+the Python :mod:`pickle` module.
diff --git a/Modules/_pickle.c b/Modules/_pickle.c
index cf3ceb43fb3f3f..bc06478799345a 100644
--- a/Modules/_pickle.c
+++ b/Modules/_pickle.c
@@ -5255,7 +5255,7 @@ load_int(PickleState *state, UnpicklerObject *self)
}
}
else {
- if (len == 3 && (x == 0 || x == 1)) {
+ if (len == 3 && s[0] == '0' && (s[1] == '0' || s[1] == '1')) {
if ((value = PyBool_FromLong(x)) == NULL)
return -1;
}
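Review bot: The tightened condition in load_int has no comment explaining why it compares raw bytes instead of the parsed value, so a later cleanup could easily "simplify" it back to `x == 0 || x == 1` and reintroduce the divergence from pickle.py. A short comment above the `if` would do, e.g. `/* Booleans are exactly "00" / "01"; compare the bytes, not x, so "+0" or " 0" load as int like pickle.py. */`. As a point of style, `PyBool_FromLong(s[1] == '1')` would make the result depend only on the bytes just checked rather than on the earlier parsed `x`. `len == 3` presumably counts the trailing newline, which is worth stating in the comment as well. load_int starts and ends outside the hunk.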