akruis
commented
3 years ago Currently Stackless does not have a mechanism to prevent unpickling code objects pickled by a different version of Stackless. This can cause a crash.
Actually, the crash is not caused by unpickling code, but from executing the invalid code object. Therefore it would be sufficient to mark the unpickled code object as "invalid". Possibly one could replace the value of co_code with invalid opcodes. Then any attempt to execute the code would just cause an SystemError exception. Additionally Stackless could emit a warning, if it unpickles invalid code objects. Then application code can handle this warning as appropriate.
Prevent unpickling code objects pickled with an incompatible version of Stackless Python. Python changes its byte-code every now and then. A magic number (importlib.util.MAGIC_NUMBER) prevents importing compiled code (*.pyc-files) created with a different version of Python.
Currently Stackless does not have a mechanism to prevent unpickling code objects pickled by a different version of Stackless. This can cause a crash. This pull request adds the magic number importlib.util.MAGIC_NUMBER to pickled code objects and checks the number upon unpickling.