Pickle `load_build` function checks if `slotstate` is False, not a dict

[Legoclones]

Bug report

Bug description:

This issue is similar to Issue #128965. Inside of the load_build() function, Python pickle assumes that slotstate is a dictionary while C _pickle explicitly checks to ensure it's a dictionary. The behavior of these two implementations diverge when slotstate is falsey but not a dictionary.

payload:      b'NN\x8f\x86b.'

pickle:       None
_pickle.c:    FAILURE slot state is not a dictionary
pickletools:
    0: N    NONE
    1: N    NONE
    2: \x8f EMPTY_SET
    3: \x86 TUPLE2
    4: b    BUILD
    5: .    STOP
highest protocol among opcodes = 4

In this case, opcode 2 (EMPTY_SET) is slotstate. When running in pickle.py, this is falsey and thus the code inside setting attributes will not be run, causing the pickle to continue deserializing without any errors.

cpython/Lib/pickle.py

Line 1868 in 29acc08

if slotstate:

When running in _pickle.c, this value is not a dictionary, causing an error to be thrown.

cpython/Modules/_pickle.c

Line 6903 in 29acc08

if (!PyDict_Check(slotstate)) {

I guess also in general I'm not understanding what the if slotstate in pickle.py is meant to do anyway. If it's supposed to check if slotstate == None, then the C _pickle module doesn't do that correctly. It checks if slotstate is NULL, which is not the same as PyNone.

cpython/Modules/_pickle.c

Line 6899 in 29acc08

if (slotstate != NULL) {

CPython versions tested on:

CPython main branch

Operating systems tested on:

Linux

Linked PRs

• gh-144411: Validate slotstate type in pickle.load_build() #144582

[Krishna-web-hub]

Hello @Legoclones , i generated the same pickletools.dis(payload) but while unpicking it both pickle.py and _pickle.c are raising error for the input provided can you tell me how you tested cause i got normal behavior for windows(python - 3.12, 3.13, 3.14) and same for Linux.

[Legoclones]

@Krishna-web-hub You have to make sure you're loading the pickle from pickle.py correctly, if you do import pickle; pickle.loads(...) it will actually default to the C pickle version if it can, which is why both would error. Here's the script I use to compare the payloads:

from pickle import _Unpickler
import _pickle
from io import BytesIO
from pickletools import dis

# edit here
payload = b'NN\x8f\x86b.'
encoding = 'utf-8'

# pickle
print('pickle:       ',end='')
try:
    print(_Unpickler(BytesIO(payload),encoding=encoding).load())
except Exception as e:
    print('FAILURE',e)

# _pickle.c
print('_pickle.c:    ',end='')
try:
    print(_pickle.loads(payload,encoding=encoding))
except Exception as e:
    print('FAILURE',e)

# pickletools
print('pickletools:  ')
try:
    dis(payload)
except Exception as e:
    print('pickletools failed',e)

[Krishna-web-hub]

Hello @Legoclones , so from your code which is being used for testing i can see the error which you found while testing.

[Krishna-web-hub]

Hello @Legoclones attached the pr please check it out.