[issue34656] memory exhaustion in Modules/_pickle.c:1393

2019-01-20 Thread Matej Cepl
Matej Cepl added the comment: Does it even make sense to make a security patch for 2.7 for this one? -- nosy: +mcepl

[issue34656] memory exhaustion in Modules/_pickle.c:1393

2019-01-09 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: I am not sure this issue should be classified as a security issue. It can cause DDOS, because pickle should not be used with untrusted data. If it is used, the program has more severe security issues than just DDOS. The crash could be triggered by

[issue34656] memory exhaustion in Modules/_pickle.c:1393

2019-01-09 Thread Miro Hrončok
Miro Hrončok added the comment: Should this go to 3.4 and 3.5 as well, since it is a security thing? http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-20406.html -- nosy: +hroncok

[issue34656] memory exhaustion in Modules/_pickle.c:1393

2018-09-20 Thread miss-islington
miss-islington added the comment: New changeset 71a9c65e74a70b6ed39adc4ba81d311ac1aa2acc by Miss Islington (bot) in branch '3.6': closes bpo-34656: Avoid relying on signed overflow in _pickle memos. (GH-9261) https://github.com/python/cpython/commit/71a9c65e74a70b6ed39adc4ba81d311ac1aa2acc

[issue34656] memory exhaustion in Modules/_pickle.c:1393

2018-09-20 Thread miss-islington
miss-islington added the comment: New changeset ef4306b24c9034d6b37bb034e2ebe82e745d4b77 by Miss Islington (bot) in branch '3.7': closes bpo-34656: Avoid relying on signed overflow in _pickle memos. (GH-9261) https://github.com/python/cpython/commit/ef4306b24c9034d6b37bb034e2ebe82e745d4b77

[issue34656] memory exhaustion in Modules/_pickle.c:1393

2018-09-20 Thread miss-islington
Change by miss-islington: -- pull_requests: +8879

[issue34656] memory exhaustion in Modules/_pickle.c:1393

2018-09-20 Thread miss-islington
Change by miss-islington: -- pull_requests: +8878

[issue34656] memory exhaustion in Modules/_pickle.c:1393

2018-09-20 Thread Benjamin Peterson
Benjamin Peterson added the comment: New changeset a4ae828ee416a66d8c7bf5ee71d653c2cc6a26dd by Benjamin Peterson in branch 'master': closes bpo-34656: Avoid relying on signed overflow in _pickle memos. (GH-9261)

[issue34656] memory exhaustion in Modules/_pickle.c:1393

2018-09-15 Thread Serhiy Storchaka
Serhiy Storchaka added the comment:
>>> import pickletools
>>> pickletools.dis(b'\x80\x04\x95\x1d\x00\x00\x00\x00\x00\x00\x00}\x94(\x8c\x03age\x94K\x17\x8c\x03jobr\x8c\x07student\x94u.')
    0: \x80 PROTO      4
    2: \x95 FRAME      29
   11: }    EMPTY_DICT
   12: \x94 MEMOIZE    (as 0)

[issue34656] memory exhaustion in Modules/_pickle.c:1393

2018-09-13 Thread Kubilay Kocak
Change by Kubilay Kocak: -- nosy: -koobs

[issue34656] memory exhaustion in Modules/_pickle.c:1393

2018-09-13 Thread Benjamin Peterson
Change by Benjamin Peterson: -- keywords: +patch; pull_requests: +8718; stage: -> patch review

[issue34656] memory exhaustion in Modules/_pickle.c:1393

2018-09-13 Thread Karthikeyan Singaravelan
Change by Karthikeyan Singaravelan: -- nosy: +xtreak

[issue34656] memory exhaustion in Modules/_pickle.c:1393

2018-09-12 Thread Serhiy Storchaka
Change by Serhiy Storchaka: -- nosy: +alexandre.vassalotti, serhiy.storchaka

[issue34656] memory exhaustion in Modules/_pickle.c:1393

2018-09-12 Thread shuoz
shuoz added the comment:
[--registers---]
RAX: 0x7ff9d401e010 --> 0x0
RBX: 0x77f48d00 --> 0x1
RCX: 0x7ff8ab58c800 --> 0x77ea5d80 --> 0x2
RDX: 0x73ac47d8 --> 0x1
RSI: 0x25152303
RDI: 0xfff3a803c00 --> 0x0
RBP:

[issue34656] memory exhaustion in Modules/_pickle.c:1393

2018-09-12 Thread shuoz
Change by shuoz: Added file: https://bugs.python.org/file47802/pk.py

[issue34656] memory exhaustion in Modules/_pickle.c:1393

2018-09-12 Thread shuoz
New submission from shuoz:
python version:
Python 3.8.0a0 (heads/master:4ae8ece, Sep 13 2018, 09:48:16)
[GCC 5.4.0 20160609] on linux
I found a bug in python pickle.load func. Can cause memory exhaustion DDOS.
./python pk.py poc
cat ./pk.py
import pickle
import sys
filename =