Thanks to visit codestin.com
Credit goes to github.com

Skip to content

gh-135241: Changed the opcode of _pickle module to look for 00 and 01 specifically #135242

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

gh-135241: Changed the opcode of _pickle module to look for 00 and 01 specifically #135242

wants to merge 5 commits into from
+12 −1

Conversation

Legoclones
Copy link
Contributor

@Legoclones Legoclones commented Jun 8, 2025
edited by bedevere-app bot
Loading

The python pickle module looks for "00" and "01" but _pickle only looked for 2 characters that parsed to 0 or 1, meaning some payloads like "+0" or " 0" would lead to different results in different implementations. See more details in the linked issue.

This solution simply checks for the hard-coded chars ensuring no edge cases go by.

@Legoclones
Changed the opcode of _pickle module to look for 00 and 01 specifically
21ff211 
The python pickle module looks for "00" and "01" but _pickle only looked for 2 characters that parsed to 0 or 1, meaning some payloads like "+0" or " 0" would lead to different results in different implementations
@bedevere-app bedevere-app bot mentioned this pull request Jun 8, 2025
Open
skirpichev

This comment was marked as resolved.

Sign in to view

@Legoclones Legoclones requested a review from skirpichev June 9, 2025 14:09
@serhiy-storchaka serhiy-storchaka self-requested a review June 9, 2025 18:41
serhiy-storchaka
serhiy-storchaka reviewed Jun 17, 2025
View reviewed changes
Lib/test/test_pickle.py Outdated
# when getting booleans from the INT opcode. Doing a str comparison
# to bypass truthy/falsy comparisons. These payloads should return
# 0, not False.
out1 = self.loads(b'I+0\n.')
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What about b'I001'?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The INT opcode only looks specifically for the b'I01' and b'I00' values to convert to True/False. Because of #126992, both implementations specifically use base 10 so b'I001' will push 1 to the stack for both, so that shouldn't be relevant here I don't think.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@serhiy-storchaka serhiy-storchaka serhiy-storchaka left review comments

@skirpichev skirpichev Awaiting requested review from skirpichev

Assignees
No one assigned
Labels
awaiting core review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Legoclones @skirpichev @serhiy-storchaka