Antoine Pitrou <pit...@free.fr> added the comment:

As an example of malicious pickle causing "excessive" memory usage, you can simply write:

>>> s = b'\x80\x03cbuiltins\nbytearray\nq\x00J\x00\x00\x00\x7f\x85q\x01Rq\x02.'
>>> _ = pickle.loads(s)

This will allocate an almost 2GB bytearray. You can of course change the size as you like. Here is the disassembly:

>>> pickletools.dis(s)
    0: \x80 PROTO      3
    2: c    GLOBAL     'builtins bytearray'
   22: q    BINPUT     0
   24: J    BININT     2130706432
   29: \x85 TUPLE1
   30: q    BINPUT     1
   32: R    REDUCE
   33: q    BINPUT     2
   35: .    STOP
highest protocol among opcodes = 2

Therefore, I would recommend closing this issue.

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue9965>
_______________________________________
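
Added example, not part of the original comment or of CPython: a way to inspect the pickle above without executing it, and to refuse it at load time with an allowlisting Unpickler. The names referenced_globals, AllowlistUnpickler, safe_loads and the contents of ALLOWED_GLOBALS are assumptions made for illustration.

```python
import io
import pickle
import pickletools

# The pickle from the comment above: builtins.bytearray(2130706432) via REDUCE.
SAMPLE = b'\x80\x03cbuiltins\nbytearray\nq\x00J\x00\x00\x00\x7f\x85q\x01Rq\x02.'

# Assumption: the only global this application expects to find in its pickles.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


def referenced_globals(data):
    """List the (module, name) pairs a pickle asks for, without executing it."""
    found = []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in ("GLOBAL", "INST"):
            # genops reports the two newline-terminated strings as "module name".
            found.append(tuple(arg.split(" ", 1)))
        elif opcode.name == "STACK_GLOBAL":
            # Protocol 4+: operands come from the stack, so a static pass
            # cannot name them reliably. Report a pair no allowlist contains.
            found.append(("?", "?"))
    return found


class AllowlistUnpickler(pickle.Unpickler):
    """Unpickler that resolves only the globals listed in ALLOWED_GLOBALS."""

    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(
                "global %s.%s is not allowed" % (module, name))
        return super().find_class(module, name)


def safe_loads(data):
    """Like pickle.loads, but fails before any disallowed callable is resolved."""
    return AllowlistUnpickler(io.BytesIO(data)).load()


if __name__ == "__main__":
    print(referenced_globals(SAMPLE))   # static triage, nothing is allocated
    try:
        safe_loads(SAMPLE)
    except pickle.UnpicklingError as exc:
        print("rejected:", exc)         # raised at GLOBAL, before REDUCE runs
```

The allowlist stops the bytearray constructor from being resolved, so the REDUCE at offset 32 is never reached. It does not bound the size of data belonging to types that are allowed.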