New submission from Alexandre Vassalotti <alexan...@peadrop.com>: This was mentioned during the review of issue #9410 (http://codereview.appspot.com/1694050/diff/2001/3001#newcode347), however we forgot to fix this.
The new array-based memo for the Unpickler class assumes incorrectly that memo indices are always contiguous. This is not the case. And due to this, the following pickle will cause Unpickler to use about 3GB of memory to store the memo array. ./python -c "import pickle; pickle.loads(b'\x80\x02]r\xff\xff\xff\x06.')" To fix this, we can add code to fall-back to a dictionary-based memo when the memo keys are not contiguous. ---------- components: Extension Modules messages: 117492 nosy: alexandre.vassalotti priority: critical severity: normal stage: needs patch status: open title: Loading malicious pickle may cause excessive memory usage type: security versions: Python 3.2 _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue9965> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
