[issue25248] Discrepancy in unpickling integers with protocol 0
Serhiy Storchaka
report at bugs.python.org
Sun Sep 27 20:43:52 CEST 2015
Serhiy Storchaka added the comment:
One funny thing is that the same data can produce different results when unpickled with pickle and cPickle in 2.x. But it is unlikely to be a larger vulnerability than using unpickling at all.
Just FYI:
PyPy 2.2.1:
>>>> import pickle, cPickle
>>>> pickle.loads(b'I010\n.')
10
>>>> cPickle.loads(b'I010\n.')
10
>>>> pickle.loads(b'L010\n.')
8L
>>>> cPickle.loads(b'L010\n.')
8L
Jython 2.5.3:
>>> import pickle, cPickle
>>> pickle.loads('I010\n.')
10
>>> cPickle.loads('I010\n.')
10
>>> pickle.loads('L010L\n.')
8L
>>> cPickle.loads('L010L\n.')
10L
----------
resolution: -> not a bug
stage: -> resolved
status: open -> closed
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue25248>
_______________________________________
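Added example, not part of the original message and not CPython code: a Python 3 check that walks a protocol 0 pickle and flags INT/LONG arguments that the two readings seen in the sessions above (10 versus 8) would decode differently. It assumes those readings are plain decimal and C-style base 0, where a leading zero means octal; base0_value, ambiguous_ints and SAMPLES are hypothetical names.

```python
import pickletools

def base0_value(text):
    """Read digits the C strtol(base=0) way: a leading zero means octal."""
    sign = -1 if text.startswith("-") else 1
    digits = text.lstrip("+-")
    if len(digits) > 1 and digits.startswith("0"):
        return sign * int(digits, 8)  # ValueError if an 8 or 9 appears
    return sign * int(digits, 10)

def ambiguous_ints(data):
    """List (offset, opcode, literal, decimal, base0) for every protocol 0
    INT/LONG argument whose value depends on which base rule is applied."""
    findings = []
    for op, _arg, pos in pickletools.genops(data):
        if op.name not in ("INT", "LONG"):
            continue
        # genops returns the decoded value only; recover the raw text.
        end = data.index(b"\n", pos + 1)
        literal = data[pos + 1:end].decode("ascii")
        if op.name == "INT" and literal in ("00", "01"):
            continue  # protocol 0 spelling of False and True
        text = literal[:-1] if literal.endswith("L") else literal
        decimal = int(text, 10)
        try:
            base0 = base0_value(text)
        except ValueError:
            base0 = None  # not valid octal: a base-0 reader would reject it
        if decimal != base0:
            findings.append((pos, op.name, literal, decimal, base0))
    return findings

# First two inputs are from the sessions above; the rest are constructed.
SAMPLES = [b"I010\n.", b"L010L\n.", b"I10\n.", b"I01\n.", b"(I010\nL7L\nI08\nt."]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, ambiguous_ints(sample))
```

A non-empty result means the stored integer is not portable across unpicklers; it says nothing about whether the pickle is otherwise safe to load.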