Serhiy Storchaka added the comment:

> The marshal module is not intended to be secure against erroneous or 
> maliciously constructed data. Never unmarshal data received from an untrusted 
> or unauthenticated source.

Then we can simplify the marshal module by dropping all error handling: 
f.read() returned not bytes, read() returned too much data, EOF read where not 
expected, recursion limit exceeded, long/string/unicode/tuple/list/set size out 
of range, unnormalized long data, digit out of range in long, index list too 
large, invalid reference, unknown type code, NULL object in marshal data for 
set, UTF8 decoding errors, string to float conversion errors, etc., etc. Sorry 
for the sarcasm.

> It's exactly what you suggest: reuse PyUnicode_AsUTF8String().

Actually _PyUnicode_UTF8(). PyUnicode_AsUTF8String() creates the UTF8 cache if 
it does not exist, and this may not be desired. We could use this optimization 
in many other places, in particular in PyUnicode_AsUTF8String() itself.

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue19219>
_______________________________________
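
An added illustration, not code from this thread or from CPython: a Python sketch of the documentation advice quoted above, authenticating a payload with HMAC-SHA256 before it reaches marshal.loads(), and showing that constructed malformed inputs of some of the kinds listed in the comment are rejected with exceptions. The key, the helper names (seal, open_sealed, classify) and the sample bytes are assumptions made for the example.

```python
import hashlib
import hmac
import marshal

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag


def seal(obj, key):
    """Serialize obj with marshal and prepend an HMAC-SHA256 tag."""
    payload = marshal.dumps(obj)
    return hmac.new(key, payload, hashlib.sha256).digest() + payload


def open_sealed(blob, key):
    """Authenticate first; hand the payload to marshal only if the tag matches."""
    tag, payload = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed; payload not unmarshalled")
    return marshal.loads(payload)


def classify(payload):
    """Return the name of the exception marshal raises for payload, or 'ok'."""
    try:
        marshal.loads(payload)
    except (EOFError, ValueError, TypeError) as exc:
        return type(exc).__name__
    return "ok"


# Constructed malformed inputs, one per check taken from the list in the comment.
MALFORMED = {
    "EOF where object expected": b"",
    "truncated data": marshal.dumps([1, 2, 3])[:-1],
    "unknown type code": b"\x01",
    "invalid reference": b"r\x05\x00\x00\x00",
}

if __name__ == "__main__":
    key = b"constructed-demo-key"  # assumption: a shared secret held by both ends
    blob = seal({"a": [1, 2.5, "x"]}, key)
    print(open_sealed(blob, key))
    for name, data in MALFORMED.items():
        print(f"{name}: {classify(data)}")
```

The error checks turn these particular malformed inputs into exceptions; the HMAC gate is what keeps unauthenticated bytes away from the parser in the first place.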