From 22893f3291fec0bf5eb7e3a48e976a1df2f79ae1 Mon Sep 17 00:00:00 2001 From: Krishna-web-hub Date: Sun, 8 Feb 2026 01:24:50 +0530 Subject: [PATCH 1/2] pickle: validate slotstate type in load_build --- Lib/pickle.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Lib/pickle.py b/Lib/pickle.py index 3e7cf25cb05337..10016dae71fd80 100644 --- a/Lib/pickle.py +++ b/Lib/pickle.py @@ -1876,8 +1876,10 @@ def load_build(self): inst_dict[intern(k)] = v else: inst_dict[k] = v - if slotstate: - for k, v in slotstate.items(): + if slotstate is not None: + if not isinstance(slotstate, dict): + raise UnpicklingError("slot state is not a dictionary") + for k, v in slotstate.items(): setattr(inst, k, v) dispatch[BUILD[0]] = load_build From 213c0e01d1c4a4e3829e48dd25d4316e90b7bc61 Mon Sep 17 00:00:00 2001 From: Krishna-web-hub Date: Sun, 8 Feb 2026 05:15:57 +0530 Subject: [PATCH 2/2] gh-144411: Validate slotstate type in pickle.load_build() --- .../next/Library/2026-02-08-05-15-15.gh-issue-144411.5SLrNj.rst | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 Misc/NEWS.d/next/Library/2026-02-08-05-15-15.gh-issue-144411.5SLrNj.rst diff --git a/Misc/NEWS.d/next/Library/2026-02-08-05-15-15.gh-issue-144411.5SLrNj.rst b/Misc/NEWS.d/next/Library/2026-02-08-05-15-15.gh-issue-144411.5SLrNj.rst new file mode 100644 index 00000000000000..dfef4815b1b4dd --- /dev/null +++ b/Misc/NEWS.d/next/Library/2026-02-08-05-15-15.gh-issue-144411.5SLrNj.rst @@ -0,0 +1,2 @@ +Fixed an inconsistency between the pure-Python and C pickle implementations +when handling invalid slot state during unpickling.