Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork32k
gh-119342: Fix OOM vulnerability in plistlib#119343
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
base:main
Are you sure you want to change the base?
Conversation
Reading a specially prepared small Plist file could cause OOM because file'sread(n) preallocates a bytes object for reading the specified amount ofdata. Now plistlib reads large data by chunks, therefore the upper limit ofconsumed memory is proportional to the size of the input file.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Lib/plistlib.py Outdated
| if len(data) != size: | ||
| raise InvalidFileException | ||
| return data | ||
| cursize = min(size, 1 << 20) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Do you want to perhaps make (1 << 20) as a constant the same way you did for the pickle vulnerability?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Maybe. In thepickle module the constant is used in several places, so there are more reasons to use a named constant there.
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
I've marked this Draft for now as discussion on this on the security response team list is not complete. (we'll summarize that in a public issue once it has settled) |
See#119514 (comment) for results of the PSRT discussion. |
Uh oh!
There was an error while loading.Please reload this page.
Reading a specially prepared small Plist file could cause OOM because file's read(n) preallocates a bytes object for reading the specified amount of data. Now plistlib reads large data by chunks, therefore the upper limit of consumed memory is proportional to the size of the input file.