pickle handling multiple objects ..
Ian Kelly
ian.g.kelly at gmail.com
Mon Feb 27 13:24:24 EST 2012
On Sun, Feb 26, 2012 at 6:00 AM, Chris Angelico <rosuav at gmail.com> wrote:
> Additionally, you'll get a weird crash out of your program if load()
> returns something other than a sequence of length 3. Remember,
> everything that comes from outside your code is untrusted, even if you
> think you made it just two seconds ago.
While that's true, if your pickle is untrusted then a ValueError from
unpacking is the least of your worries. You should never attempt to
load an untrusted pickle in the first place, as doing so allows it to
execute arbitrary code on your system.
Cheers,
Ian
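
An added example, not part of the message above or of anyone's code in this thread: where data has to stay in pickle format, the `find_class` override described in the Python `pickle` documentation refuses global lookups, and the loader then checks for the three-item sequence the quoted reply mentions. `RestrictedUnpickler`, `load_three` and the empty `ALLOWED_GLOBALS` allowlist are hypothetical names chosen here, and the sample data is constructed; resource-exhaustion inputs are not addressed.

```python
import io
import pickle

# Assumption for this example: an empty allowlist, so only plain
# containers, strings, bytes, numbers, booleans and None can be rebuilt.
ALLOWED_GLOBALS = frozenset()


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global lookup not on the allowlist."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def load_three(data: bytes) -> tuple:
    """Load a pickle that must hold a tuple or list of exactly 3 items."""
    obj = RestrictedUnpickler(io.BytesIO(data)).load()
    # Validate the shape before unpacking, so a wrong payload gives a
    # clear error instead of a surprise further down the program.
    if not isinstance(obj, (tuple, list)) or len(obj) != 3:
        raise ValueError("expected a sequence of length 3")
    return tuple(obj)


if __name__ == "__main__":
    # Constructed sample input: three plain objects saved together.
    blob = pickle.dumps(("alice", 42, [1.5, 2.5]))
    name, count, values = load_three(blob)
    print(name, count, values)

    # A pickle that references any global (here the builtin len) is refused.
    try:
        load_three(pickle.dumps(len))
    except pickle.UnpicklingError as exc:
        print("rejected:", exc)
```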