is there a safe marshaler?
Irmen de Jong
irmen.NOSPAM at xs4all.nl
Fri Feb 11 17:07:42 EST 2005
Fredrik Lundh wrote:
> the problem is that the following may or may not reach the "done!" statement,
> somewhat depending on python version, memory allocator, and what data you
> pass to dumps.
>
> import marshal
>
> data = marshal.dumps((1, 2, 3, "hello", 4, 5, 6))
>
> for i in range(len(data), -1, -1):
>     try:
>         print marshal.loads(data[:i])
>     except EOFError:
>         print "EOFError"
>     except ValueError:
>         print "ValueError"
>
> print "done!"
>
> (try different data combinations, to see how far you get on your platform...)

Python 2.4 on my Windows box crashes with:

Fatal Python error: PyString_InternInPlace: strings only please!
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
c:\> _

So indeed it seems that marshal is not safe yet :-|

> fixing this should be relatively easy, and should result in a safe unmarshaller (your
> application will still have to limit the amount of data fed into load/loads, of course).
Okay.
--Irmen
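
As an added example, not part of the original post: the quoted truncation loop rewritten for Python 3 so that each input is unmarshalled in a child interpreter, which keeps a fatal interpreter error like the one reported above from terminating the caller, with a size cap applied before any data reaches `marshal.loads`. `MAX_BYTES`, `probe` and `truncation_report` are names chosen here, and the cap value is an assumption.

```python
import marshal
import subprocess
import sys

MAX_BYTES = 1 << 20  # assumed cap on input size; choose one that fits your protocol

# Child program: read marshal bytes from stdin, try to decode, print the outcome.
_CHILD = r"""
import marshal, sys
blob = sys.stdin.buffer.read()
try:
    marshal.loads(blob)
except Exception as exc:
    print(type(exc).__name__)
else:
    print("ok")
"""


def probe(blob, timeout=10):
    """Decode blob in a separate interpreter and classify what happened."""
    if len(blob) > MAX_BYTES:
        return "too-large"  # rejected before marshal ever sees it
    try:
        proc = subprocess.run([sys.executable, "-c", _CHILD], input=blob,
                              capture_output=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return "timeout"
    if proc.returncode != 0:
        # Fatal Python error, abort() or a signal: the child died, the caller did not.
        return "died(%d)" % proc.returncode
    return proc.stdout.decode().strip()


def truncation_report(value):
    """Run probe() on every prefix of marshal.dumps(value), longest first."""
    data = marshal.dumps(value)
    return [(i, probe(data[:i])) for i in range(len(data), -1, -1)]


if __name__ == "__main__":
    # Same constructed sample tuple as in the quoted message.
    for length, outcome in truncation_report((1, 2, 3, "hello", 4, 5, 6)):
        print(length, outcome)
```

A `died(...)` outcome for any prefix means the unmarshaller aborted the interpreter on that input instead of raising an exception.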