Alexander Belopolsky <belopol...@users.sourceforge.net> added the comment:
Antoine is right, my patch is only of "discussion" quality and if my approach gets support, I will produce a more polished patch.

While I am fairly certain that this bug should be fixed where it was introduced, namely in the _pickle module, I am not sure patching both load_binstring() and load_short_binstring() is the right approach. It may be better to modify _Unpickler_Read() so that it returns self->input_buffer (or even self->input_buffer + self->next_read_idx) for zero n. This would be a cleaner design similar to that for PyMem_Malloc() et al. (Since _Unpickler_Read() is private API and the comment documenting it does not specify that it returns NULL for n = 0, I think this can be done in a bugfix release. Furthermore, I reviewed the uses of _Unpickler_Read() with variable and thus potentially zero size and one of them is followed by a null check for s.)

On the other hand, my patch also eliminates a redundant call to _Unpickler_Read() and makes load_binstring() and load_short_binstring() logic similar to that in load_counted_long(). The main advantage, of course, is skipping PyUnicode_Decode() which will load a codec, potentially triggering an import and execution of Python code.

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue11286>
_______________________________________