Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP4:Update
python-numpy.5086
CVE-2019-6446_allow_pickle_False.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2019-6446_allow_pickle_False.patch of Package python-numpy.5086
--- a/numpy/lib/npyio.py +++ b/numpy/lib/npyio.py @@ -5,7 +5,6 @@ from . import format import sys import os import re -import sys import itertools import warnings import weakref @@ -281,7 +280,7 @@ class NpzFile(object): return self.files.__contains__(key) -def load(file, mmap_mode=None): +def load(file, mmap_mode=None, allow_pickle=None): """ Load an array(s) or pickled objects from .npy, .npz, or pickled files. @@ -360,8 +359,16 @@ def load(file, mmap_mode=None): memmap([4, 5, 6]) """ - import gzip + if allow_pickle is None: + UserWarning(""" + numpy.load() run without explicit setting allow_pickle option. + If you are not completely certain about security of the pickled + data, you are strongly encouraged to set allow_pickle to False, + otherwise you can set it to True. + """) + allow_pickle = False + import gzip own_fid = False if isinstance(file, basestring): fid = open(file, "rb") @@ -390,12 +397,16 @@ def load(file, mmap_mode=None): else: return format.read_array(fid) else: - # Try a pickle - try: - return pickle.load(fid) - except: + if allow_pickle: + # Try a pickle + try: + return pickle.load(fid) + except: + raise IOError( + "Failed to interpret file %s as a pickle" % repr(file)) + else: raise IOError( - "Failed to interpret file %s as a pickle" % repr(file)) + "Loading of pickles not permitted: file %s" % repr(file)) finally: if own_fid: fid.close()
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
