StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POPython pickle - how does it break?
primarykey
Id
4132132
data
AcceptedAnswerId
0
AnswerCount
3
ClosedDate
CommentCount
2
CommunityOwnedDate
CreationDate
2010-11-09T09:27:57.710
FavoriteCount
5
LastActivityDate
2017-05-02T08:02:19.957
LastEditDate
2010-11-09T12:05:44.947
LastEditorUserId
114917
OwnerUserId
114917
ParentId
0
PostTypeId
1
Score
12
ViewCount
2655
LastEditorDisplayName
text
Body
Everyone knows pickle is not a secure way to store user data. It even says so on the box. I'm looking for examples of strings or data structures that break pickle parsing in the current supported versions of <code>cPython >= 2.4</code>. Are there things that can be pickled but not unpickled? Are there problems with particular unicode characters? Really big data structures? Obviously the old ASCII protocol has some issues, but what about the most current binary form? I'm particularly curious about ways in which the pickle <code>loads</code> operation can fail, especially when given a string produced by pickle itself. Are there any circumstances in which pickle will continue parsing past the <code>.</code>? What sort of edge cases are there? Edit: Here are some examples of the sort of thing I'm looking for: <ul> <li>In Python 2.4, you can pickle an array without error, but you can't unpickle it. <a href="http://bugs.python.org/issue1281383" rel="noreferrer">http://bugs.python.org/issue1281383</a></li> <li>You can't reliably pickle objects that inherit from dict and call <code>__setitem__</code> before instance variables are set with <code>__setstate__</code>. This can be a gotcha when pickling Cookie objects. See <a href="http://bugs.python.org/issue964868" rel="noreferrer">http://bugs.python.org/issue964868</a> and <a href="http://bugs.python.org/issue826897" rel="noreferrer">http://bugs.python.org/issue826897</a></li> <li>Python 2.4 (and 2.5?) will return a pickle value for infinity (or values close to it like 1e100000), but may (depending on platform) fail when loading. See <a href="http://bugs.python.org/issue880990" rel="noreferrer">http://bugs.python.org/issue880990</a> and <a href="http://bugs.python.org/issue445484" rel="noreferrer">http://bugs.python.org/issue445484</a></li> <li>This last item is interesting because it reveals a case where the <code>STOP</code> marker does not actually stop parsing - when the marker exists as part of a literal, or more generally, when not preceded by a newline.</li> </ul>
Tags
<python><serialization><escaping><pickle>
Title
Python pickle - how does it break?
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USPaul McMillan
UserOwnerUserId
1. USPaul McMillan
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
2. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POPython pickle - how does it break?
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 POPython pickle - how does it break?
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 POPython pickle - how does it break?
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. COYou may want to read the *Security* section of [PEP 307](http://www.python.org/dev/peps/pep-0307/).
 singulars
 PostPostId
 POPython pickle - how does it break?
 UserUserId
 USBjörn Pollex
2. COSpace_C0wb0y: yes, that is why I mentioned it on the first line of my question.
 singulars
 PostPostId
 POPython pickle - how does it break?
 UserUserId
 USPaul McMillan

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.