[ python-Bugs-1122301 ] marshal may crash on truncated input

Tue, 19 Apr 2005 07:58:07 -0700 

Bugs item #1122301, was opened at 2005-02-14 11:14
Message generated for change (Comment added) made by mwh
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1122301&group_id=5470

Category: Python Library
Group: Python 2.4
Status: Open
Resolution: None
Priority: 5
Submitted By: Fredrik Lundh (effbot)
>Assigned to: Fredrik Lundh (effbot)
Summary: marshal may crash on truncated input

Initial Comment:
marshal doesn't behave well on truncated or otherwise 
malformed input.  here's a short demo script, from a 
recent comp.lang.python thread:

:::

the problem is that the following may or may not reach 
the "done!" statement, somewhat depending on python 
version, memory allocator, and what data you pass to 
dumps.

import marshal

data = marshal.dumps((1, 2, 3, "hello", 4, 5, 6))

for i in range(len(data), -1, -1):
    try:
        print marshal.loads(data[:i])
    except EOFError:
        print "EOFError"
    except ValueError:
        print "ValueError"

print "done!"

(try different data combinations, to see how far you get 
on your platform...)

fixing this should be relatively easy, and should result in 
a safe unmarshaller (your application will still have to 
limit the amount of data fed into load/loads, of course).

:::

(also note that marshal may raise either EOFError or 
ValueError exceptions, again somewhat depending on 
how the file is damaged.  a little consistency wouldn't 
hurt, but I'm not sure if/how this can be fixed...)


----------------------------------------------------------------------

>Comment By: Michael Hudson (mwh)
Date: 2005-04-19 15:58

Message:
Logged In: YES 
user_id=6656

I think the attached fixes this example, and another involving marshalled 
sets.

I spent a while feeding random data to marshal a few days ago and found 
that the commonest problem was attempting to allocate really huge 
sequences.  Also, the TYPE_STRINGREF is horribly fragile, but I'm 
hoping Martin's going to fix that (he has a bug filed against him, anyway).

Can you test/check it in?  My marshal.c has rather a lot of local changes.

Also, a test suite entry would be nice...

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1122301&group_id=5470
_______________________________________________
Python-bugs-list mailing list 
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

Reply via email to