[issue25248] Discrepancy in unpickling integers with protocol 0

2015-09-27 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: No, it is never produced by the standard pickler. I'm just interested: could we do something with this, and should we do anything?

[issue25248] Discrepancy in unpickling integers with protocol 0

2015-09-27 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: One funny thing is that the same data can produce different results when unpickled with pickle and cPickle in 2.x. But it is unlikely to be a larger vulnerability than using unpickling at all. Just FYI: PyPy 2.2.1: import pickle, cPickle

[issue25248] Discrepancy in unpickling integers with protocol 0

2015-09-27 Thread Antoine Pitrou
Antoine Pitrou added the comment: Is b'I010\n.' actually produced by the pickler, or is it something you constructed yourself?

[issue25248] Discrepancy in unpickling integers with protocol 0

2015-09-27 Thread Antoine Pitrou
Antoine Pitrou added the comment: If it's not produced in any case, I don't think we should care about it. The only thing we must be careful about is not to crash or open any vulnerabilities.

[issue25248] Discrepancy in unpickling integers with protocol 0

2015-09-27 Thread Serhiy Storchaka
New submission from Serhiy Storchaka: There are discrepancies between Python 2 and Python 3, Python and C implementations, INT and LONG opcodes when unpickling integers with protocol 0.

Python 2.7:

>>> import pickle, cPickle
>>> pickle.loads(b'I010\n.')
10
>>> cPickle.loads(b'I010\n.')
8
>>>
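
An added example, not code from this thread or from CPython: a Python 3 check that walks a pickle with pickletools.genops and flags INT and LONG opcodes whose decimal text is not in the form the standard pickler writes, such as the b'I010\n.' input discussed above. The function name non_canonical_ints and the definition of "canonical" (optional minus sign, no leading zeros, plus the I00/I01 boolean encoding) are assumptions of this example.

```python
import pickle
import pickletools
import re

# Assumption of this example: "canonical" is the decimal text repr() gives,
# i.e. an optional minus sign and no leading zeros.
_CANONICAL = re.compile(rb"-?(0|[1-9][0-9]*)")
_BOOL_HACK = (b"00", b"01")  # protocol 0 encodes False/True as I00 / I01


def non_canonical_ints(data):
    """Return (offset, opcode name, raw text) for each suspicious INT/LONG."""
    findings = []
    try:
        for opcode, _arg, pos in pickletools.genops(data):
            if opcode.name not in ("INT", "LONG"):
                continue
            # The argument is the text between the opcode byte and the newline.
            raw = data[pos + 1:data.index(b"\n", pos + 1)]
            if opcode.name == "INT" and raw in _BOOL_HACK:
                continue
            # LONG arguments may carry a trailing 'L'; compare the digits only.
            digits = raw
            if opcode.name == "LONG" and raw.endswith(b"L"):
                digits = raw[:-1]
            if not _CANONICAL.fullmatch(digits):
                findings.append((pos, opcode.name, raw))
    except ValueError as exc:
        # pickletools could not walk the stream (for example a hex argument).
        findings.append((None, "UNPARSABLE", str(exc).encode()))
    return findings


if __name__ == "__main__":
    # Constructed samples: one real protocol 0 pickle and two hand-written ones.
    samples = [
        pickle.dumps([10, -3, True, 2**40], protocol=0),
        b"I010\n.",
        b"L010L\n.",
    ]
    for sample in samples:
        print(sample, non_canonical_ints(sample))
```

The check only inspects the opcode stream and never calls pickle.loads, so it can be run on data that is not trusted.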