mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-11-03 11:23:31 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

Paul Rubin reminds me that of course a class's constructor /could/ get

Browse source 
called, if the pickler found a __getinitargs__() method.
This commit is contained in:
Barry Warsaw 2001-11-18 16:24:01 +00:00
parent f376ef0996
commit 69ab5836ae
1 changed files with 6 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

10
Doc/lib/libpickle.tex
View file

@ -604,10 +604,12 @@ evil things like call \code{os.unlink()} with an arbitrary file name.
See section~\ref{pickle-protocol} for more details. See section~\ref{pickle-protocol} for more details.
For safely unpickling class instances, you need to control exactly For safely unpickling class instances, you need to control exactly
which classes will get created. The issue here is usually not that a which classes will get created. Be aware that a class's constructor
class's constructor will get called --- it won't by the unpickler --- could be called (if the pickler found a \method{__getinitargs__()}
but that the class's destructor (i.e. its \method{__del__()} method) method) and the the class's destructor (i.e. its \method{__del__()} method)
might get called when the object is garbage collected. The way to might get called when the object is garbage collected. Depending on
the class, it isn't very heard to trick either method into doing bad
things, such as removing a file. The way to
control the classes that are safe to instantiate differs in control the classes that are safe to instantiate differs in
\module{pickle} and \module{cPickle}\footnote{A word of caution: the \module{pickle} and \module{cPickle}\footnote{A word of caution: the
mechanisms described here use internal attributes and methods, which mechanisms described here use internal attributes and methods, which