[issue19219] speed up marshal.loads()
Serhiy Storchaka
report at bugs.python.org
Fri Oct 11 15:10:54 CEST 2013
Serhiy Storchaka added the comment:
> The marshal module is not intended to be secure against erroneous or maliciously constructed data. Never unmarshal data received from an untrusted or unauthenticated source.
Then we can simplify the marshal module by dropping all error handling: f.read() returned not bytes, read() returned too much data, EOF read where not expected, recursion limit exceeded, long/string/unicode/tuple/list/set size out of range, unnormalized long data, digit out of range in long, index list too large, invalid reference, unknown type code, NULL object in marshal data for set, UTF8 decoding errors, string to float converting errors, etc, etc. Sorry for sarcasm.
> It's exactly what you suggest: reuse PyUnicode_AsUTF8String().
Actually _PyUnicode_UTF8(). PyUnicode_AsUTF8String() creates UTF8 cache if it is not exists and this can be not desired. We could use this optimization in many other places, in particular in PyUnicode_AsUTF8String() itself.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue19219>
_______________________________________
More information about the Python-bugs-list
mailing list