[issue42898] pickle.loads() crashes interpreter on invalid input

2021-01-11 Thread Christian Heimes
Christian Heimes added the comment: The pickle module is not safe against malicious or faulty data. Invalid data can cause code injects or even segfaults. It's a known and documented behavior, https://docs.python.org/3/library/pickle.html -- nosy: +christian.heimes resolution: -> not

[issue42898] pickle.loads() crashes interpreter on invalid input

2021-01-11 Thread Kale Kundert
Change by Kale Kundert: -- type: -> crash versions: +Python 3.8

[issue42898] pickle.loads() crashes interpreter on invalid input

2021-01-11 Thread Kale Kundert
New submission from Kale Kundert: I expect `pickle.loads()` to raise `_pickle.UnpicklingError` for any invalid input, but for the specific example shown below, the interpreter crashes after attempting to allocate >16GB of memory. Note that this input does not have the pickle header (b'0x80'