From 21ff2115a2dc3af8579efdfc270b1e3e8e2a44e3 Mon Sep 17 00:00:00 2001
From: Justin Applegate
Date: Sat, 7 Jun 2025 21:06:52 -0400
Subject: [PATCH 1/4] Changed the opcode of _pickle module to look for 00 and 01 specifically

The python pickle module looks for "00" and "01" but _pickle only looked for 2 characters that parsed to 0 or 1, meaning some payloads like "+0" or " 0" would lead to different results in different implementations
---
 Modules/_pickle.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Modules/_pickle.c b/Modules/_pickle.c
index 86d8b38620cb7f..712154b2d53f3a 100644
--- a/Modules/_pickle.c
+++ b/Modules/_pickle.c
@@ -5255,7 +5255,7 @@ load_int(PickleState *state, UnpicklerObject *self)
 }
 }
 else {
- if (len == 3 && (x == 0 || x == 1)) {
+ if (len == 3 && s[0] == '0' && (s[1] == '0' || s[1] == '1')) {
 if ((value = PyBool_FromLong(x)) == NULL)
 return -1;
 }

From 6ccd46efe3254c72f3cd56df41a75338c4015d62 Mon Sep 17 00:00:00 2001
From: "blurb-it[bot]" <43283697+blurb-it[bot]@users.noreply.github.com>
Date: Sun, 8 Jun 2025 01:10:36 +0000
Subject: [PATCH 2/4] =?UTF-8?q?=F0=9F=93=9C=F0=9F=A4=96=20Added=20by=20blu?= =?UTF-8?q?rb=5Fit.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../next/Library/2025-06-08-01-10-34.gh-issue-135241.5j18IW.rst | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 Misc/NEWS.d/next/Library/2025-06-08-01-10-34.gh-issue-135241.5j18IW.rst

diff --git a/Misc/NEWS.d/next/Library/2025-06-08-01-10-34.gh-issue-135241.5j18IW.rst b/Misc/NEWS.d/next/Library/2025-06-08-01-10-34.gh-issue-135241.5j18IW.rst
new file mode 100644
index 00000000000000..066b8b2294976f
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2025-06-08-01-10-34.gh-issue-135241.5j18IW.rst
@@ -0,0 +1 @@
+The :code:`INT` opcode of the C accelerator :mod:`_pickle` module was updated to look only for "00" and "01" to push booleans onto the stack, aligning with the Python :mod:`pickle` module.
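Review bot: The new condition in load_int compares `s[0]` and `s[1]` but leaves the third byte to `len == 3`, so the match is exact only if the line reader always returns a trailing newline, which this hunk does not show. Adding `&& s[2] == '\n'` would make the check cover the whole three-byte line, and a short comment such as `/* only the literal "00"/"01" are booleans; "+0" or " 0" stay ints, as in pickle.py */` would record why the strtol result alone is no longer trusted. The pushed value still comes from `PyBool_FromLong(x)`, so it agrees with `s[1]` only while the line is exactly "00\n" or "01\n". Divergent parsing matters to anything that inspects a pickle with one implementation and loads it with the other, so the extra comparison is worth having. load_int starts and ends outside the hunk.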
From 39fc1dd653fd7af06e0bf120d7a081435c67f6a3 Mon Sep 17 00:00:00 2001
From: Justin Applegate
Date: Mon, 9 Jun 2025 09:35:07 -0400
Subject: [PATCH 3/4] Added test for issue 135241

---
 Lib/test/test_pickle.py | 10 ++++++++++
 .../2025-06-08-01-10-34.gh-issue-135241.5j18IW.rst | 2 +-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/Lib/test/test_pickle.py b/Lib/test/test_pickle.py
index e2384b33345a45..63f231bf8a3935 100644
--- a/Lib/test/test_pickle.py
+++ b/Lib/test/test_pickle.py
@@ -376,6 +376,16 @@ class CUnpicklerTests(PyUnpicklerTests):
 bad_stack_errors = (pickle.UnpicklingError,)
 truncated_errors = (pickle.UnpicklingError,)
+ def test_issue135241(self):
+ # C implementation should check for hardcoded values 00 and 01
+ # when getting booleans from the INT opcode. Doing a str comparison
+ # to bypass truthy/falsy comparisons. These payloads should return
+ # 0, not False.
+ out1 = self.loads(b'I+0\n.')
+ self.assertTrue(str(out1) == str(0))
+ out2 = self.loads(b'I 0\n.')
+ self.assertTrue(str(out2) == str(0))
+
 class CPicklingErrorTests(PyPicklingErrorTests):
 pickler = _pickle.Pickler
diff --git a/Misc/NEWS.d/next/Library/2025-06-08-01-10-34.gh-issue-135241.5j18IW.rst b/Misc/NEWS.d/next/Library/2025-06-08-01-10-34.gh-issue-135241.5j18IW.rst
index 066b8b2294976f..5395f34e75de0a 100644
--- a/Misc/NEWS.d/next/Library/2025-06-08-01-10-34.gh-issue-135241.5j18IW.rst
+++ b/Misc/NEWS.d/next/Library/2025-06-08-01-10-34.gh-issue-135241.5j18IW.rst
@@ -1 +1 @@
-The :code:`INT` opcode of the C accelerator :mod:`_pickle` module was updated to look only for "00" and "01" to push booleans onto the stack, aligning with the Python :mod:`pickle` module.
+The :code:`INT` opcode of the C accelerator `_pickle` module was updated to look only for "00" and "01" to push booleans onto the stack, aligning with the Python :mod:`pickle` module.

From 74ad5410dca9f19439b2a310d1ddfe47598f2b48 Mon Sep 17 00:00:00 2001
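Review bot: The assertions in test_issue135241 wrap `str(out1) == str(0)` in assertTrue, which on failure reports only that False is not true and hides the type that was returned; `self.assertIs(type(out1), int)` followed by `self.assertEqual(out1, 0)` states the intent directly. The payloads cover only the zero case, so `b'I+1\n.'` and `b'I 1\n.'`, plus a positive check that `b'I00\n.'` and `b'I01\n.'` still load as False and True, would pin both sides of the new condition. The hunk header shows CUnpicklerTests deriving from PyUnpicklerTests, so a method added here never runs against the Python unpickler. Placing it in the base class would check both implementations against the same bytes, and a descriptive name such as `test_int_bool_literals_exact` would say more than the issue number.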
From: Justin Applegate
Date: Mon, 9 Jun 2025 09:37:28 -0400
Subject: [PATCH 4/4] Fixed rst formatting in NEWS

---
 .../next/Library/2025-06-08-01-10-34.gh-issue-135241.5j18IW.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Misc/NEWS.d/next/Library/2025-06-08-01-10-34.gh-issue-135241.5j18IW.rst b/Misc/NEWS.d/next/Library/2025-06-08-01-10-34.gh-issue-135241.5j18IW.rst
index 5395f34e75de0a..34217db5dfab19 100644
--- a/Misc/NEWS.d/next/Library/2025-06-08-01-10-34.gh-issue-135241.5j18IW.rst
+++ b/Misc/NEWS.d/next/Library/2025-06-08-01-10-34.gh-issue-135241.5j18IW.rst
@@ -1 +1 @@
-The :code:`INT` opcode of the C accelerator `_pickle` module was updated to look only for "00" and "01" to push booleans onto the stack, aligning with the Python :mod:`pickle` module.
+The :code:`INT` opcode of the C accelerator ``_pickle`` module was updated to look only for "00" and "01" to push booleans onto the stack, aligning with the Python :mod:`pickle` module.