
gh-115952: Fix vulnerability in the pickle module

Open serhiy-storchaka opened this issue 1 year ago • 0 comments

Loading a small amount of data, which does not even involve arbitrary code execution, could consume an arbitrarily large amount of memory. There were three issues:

  • PUT and LONG_BINPUT with a large argument (the C implementation only). Since the memo is implemented in C as a continuous dynamic array, a single opcode can cause its resizing to an arbitrary size. Now the sparsity of memo indices is limited.
  • BINBYTES, BINBYTES8 and BYTEARRAY8 with a large argument. They allocated the bytes or bytearray object of the specified size before reading into it. Now they read very large data in chunks.
  • BINSTRING, BINUNICODE, LONG4, BINUNICODE8 and FRAME with a large argument. They read the whole data by calling the read() method of the underlying file object, which usually allocates the bytes object of the specified size before reading into it. Now they read very large data in chunks.

Issue: gh-115952

serhiy-storchaka May 20 '24 09:05
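The chunked-read mitigation named in the second and third items, as an added sketch that is not CPython's code and not part of the original description: a BINBYTES8-style record (opcode, 8-byte little-endian length, data) is read so that memory grows only with bytes actually received. `CHUNK`, `read_chunked`, `read_binbytes8`, `CountingStream` and `probe` are hypothetical names, and the 1 MiB chunk size is an assumption.

```python
import io
import struct

CHUNK = 1 << 20          # assumed chunk size for this sketch, not CPython's value
BINBYTES8 = b"\x8e"      # pickle opcode: 8-byte little-endian length, then data

# Constructed samples: one record with a truthful length, one truncated record
# whose length field claims 1 TiB while only three bytes follow.
HONEST = BINBYTES8 + struct.pack("<Q", 5) + b"hello"
LYING = BINBYTES8 + struct.pack("<Q", 1 << 40) + b"abc"


def read_chunked(stream, declared, chunk=CHUNK):
    """Read exactly `declared` bytes; the buffer grows only as data arrives."""
    buf = bytearray()
    while len(buf) < declared:
        part = stream.read(min(chunk, declared - len(buf)))
        if not part:  # stream ended before the declared length was reached
            raise EOFError(f"declared {declared} bytes, got {len(buf)}")
        buf += part
    return bytes(buf)


def read_binbytes8(stream, chunk=CHUNK):
    """Parse one BINBYTES8 record without trusting its length field."""
    if stream.read(1) != BINBYTES8:
        raise ValueError("not a BINBYTES8 record")
    header = stream.read(8)
    if len(header) != 8:
        raise EOFError("truncated length field")
    (declared,) = struct.unpack("<Q", header)
    return read_chunked(stream, declared, chunk)


class CountingStream(io.BytesIO):
    """Records the largest size passed to read(), a proxy for peak allocation."""
    largest_request = 0

    def read(self, size=-1):
        self.largest_request = max(self.largest_request, size)
        return super().read(size)


def probe(record, chunk=CHUNK):
    """Return (payload or exception name, largest read request) for a record."""
    stream = CountingStream(record)
    try:
        result = read_binbytes8(stream, chunk)
    except EOFError as exc:
        result = type(exc).__name__
    return result, stream.largest_request
```

A reader that instead called `stream.read(declared)` would pass the full 1 TiB request to the file object, which is the behaviour the description says was replaced.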