[issue41288] Pickle crashes unpickling invalid NEWOBJ_EX opcode

Iman Sharafaldin added the comment: Thank you for patching that. -- ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue41288] Pickle crashes unpickling invalid NEWOBJ_EX opcode

Serhiy Storchaka added the comment: I do not think it is a security issue. The crash cannot be triggered by the user input unless you accept the pickle data from untrusted sources, but in that case you are in large danger, because you allow executing arbitrary code. The changes in this

[issue41288] Pickle crashes unpickling invalid NEWOBJ_EX opcode

Iman Sharafaldin added the comment: @serhiy.storchaka Hi Serhiy, do you count this issue as a security issue? Also, I didn't see that in the latest changelog. Is it now patched on the latest version? https://docs.python.org/release/3.8.5/whatsnew/changelog.html --

[issue41288] Pickle crashes unpickling invalid NEWOBJ_EX opcode

Serhiy Storchaka added the comment: This fix touched the unpickling code, and the test crashed during pickling, so it is not directly related. But it may be some compiler glitch, when changing one part of code affects compilation of other parts of code. The next run on the buildbot was

[issue41288] Pickle crashes unpickling invalid NEWOBJ_EX opcode

Change by Serhiy Storchaka : -- status: closed -> open ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue41288] Pickle crashes unpickling invalid NEWOBJ_EX opcode

Łukasz Langa added the comment: Is this fix causing the refleak build to fail on 3.8? See: https://buildbot.python.org/all/#/builders/484/builds/149 -- nosy: +lukasz.langa ___ Python tracker

[issue41288] Pickle crashes unpickling invalid NEWOBJ_EX opcode

Serhiy Storchaka added the comment: New changeset b4c98ed41e6c959e95b2a6f65c1b728e94039dfd by Serhiy Storchaka in branch 'master': bpo-41288: Refactor of unpickling NEWOBJ and NEWOBJ_EX opcodes. (GH-21472) https://github.com/python/cpython/commit/b4c98ed41e6c959e95b2a6f65c1b728e94039dfd

[issue41288] Pickle crashes unpickling invalid NEWOBJ_EX opcode

Change by Serhiy Storchaka : -- pull_requests: +20616 pull_request: https://github.com/python/cpython/pull/21472 ___ Python tracker ___

[issue41288] Pickle crashes unpickling invalid NEWOBJ_EX opcode

Change by Ned Deily : -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker ___ ___

[issue41288] Pickle crashes unpickling invalid NEWOBJ_EX opcode

Ned Deily added the comment: New changeset 6463cf07fef7a923a743fcaf312150c45fd81b64 by Miss Islington (bot) in branch '3.6': bpo-41288: Fix a crash in unpickling invalid NEWOBJ_EX. (GH-21458) (GH-21462) https://github.com/python/cpython/commit/6463cf07fef7a923a743fcaf312150c45fd81b64

[issue41288] Pickle crashes unpickling invalid NEWOBJ_EX opcode

Ned Deily added the comment: New changeset 620e276a8c1d53332fbf08d369be87f862b6949d by Miss Islington (bot) in branch '3.7': bpo-41288: Fix a crash in unpickling invalid NEWOBJ_EX. (GH-21458) (GH-21461) https://github.com/python/cpython/commit/620e276a8c1d53332fbf08d369be87f862b6949d

[issue41288] Pickle crashes unpickling invalid NEWOBJ_EX opcode

miss-islington added the comment: New changeset 57c984fab69b862563899d2c11da7d27201f4152 by Miss Islington (bot) in branch '3.9': bpo-41288: Fix a crash in unpickling invalid NEWOBJ_EX. (GH-21458) https://github.com/python/cpython/commit/57c984fab69b862563899d2c11da7d27201f4152 --

[issue41288] Pickle crashes unpickling invalid NEWOBJ_EX opcode

Change by miss-islington : -- pull_requests: +20609 pull_request: https://github.com/python/cpython/pull/21462 ___ Python tracker ___

[issue41288] Pickle crashes unpickling invalid NEWOBJ_EX opcode

Change by miss-islington : -- pull_requests: +20608 pull_request: https://github.com/python/cpython/pull/21461 ___ Python tracker ___

[issue41288] Pickle crashes unpickling invalid NEWOBJ_EX opcode

miss-islington added the comment: New changeset f56c75ed53dcad4d59dff4377ae463d6b96acd3e by Miss Islington (bot) in branch '3.8': bpo-41288: Fix a crash in unpickling invalid NEWOBJ_EX. (GH-21458) https://github.com/python/cpython/commit/f56c75ed53dcad4d59dff4377ae463d6b96acd3e --

[issue41288] Pickle crashes unpickling invalid NEWOBJ_EX opcode

Ned Deily added the comment: Sounds like a good idea. -- versions: +Python 3.6, Python 3.7 ___ Python tracker ___ ___

[issue41288] Pickle crashes unpickling invalid NEWOBJ_EX opcode

Christian Heimes added the comment: Ned, would you like to get this fix backported to 3.6 and 3.7? -- nosy: +ned.deily versions: +Python 3.8, Python 3.9 ___ Python tracker

[issue41288] Pickle crashes unpickling invalid NEWOBJ_EX opcode

Change by miss-islington : -- pull_requests: +20607 pull_request: https://github.com/python/cpython/pull/21460 ___ Python tracker ___

[issue41288] Pickle crashes unpickling invalid NEWOBJ_EX opcode

Change by miss-islington : -- pull_requests: +20606 pull_request: https://github.com/python/cpython/pull/21459 ___ Python tracker ___

[issue41288] Pickle crashes unpickling invalid NEWOBJ_EX opcode

miss-islington added the comment: New changeset 4f309abf55f0e6f8950ac13d6ec83c22b8d47bf8 by Serhiy Storchaka in branch 'master': bpo-41288: Fix a crash in unpickling invalid NEWOBJ_EX. (GH-21458) https://github.com/python/cpython/commit/4f309abf55f0e6f8950ac13d6ec83c22b8d47bf8 --

[issue41288] Pickle crashes unpickling invalid NEWOBJ_EX opcode

Change by Christian Heimes : -- title: Pickle crashes unpickling invalig NEWOBJ_EX opcode -> Pickle crashes unpickling invalid NEWOBJ_EX opcode ___ Python tracker ___