PyQt from py27 to py38
RoadrunnerWMC
roadrunnerwmc at gmail.com
Tue Oct 26 16:06:46 BST 2021
The pickletools method is at least doable for relatively simple pickles --
I have an application that does exactly that because another developer made
the less-than-wise decision to store pickled PyQt4 objects in user data
files a long time ago, and now I have to support reading them forever. The
main downside is that you have to make a lot of assumptions about the
structure of the pickle data, ones which technically don't *need* to always
be true, but *should* nevertheless be safe if your users are all using
CPython and not manually messing with the generated pickle data for some
reason.
There is another option, too, which is to make a minimal fake "PyQt4"
interface (just a few nearly-empty class stubs) and have pickle load using
that. I chose the pickletools method because of the additional security
benefits of avoiding using pickle.loads() on untrusted user data files.
On Tue, Oct 26, 2021 at 8:58 AM Florian Bruhin <me at the-compiler.org> wrote:
> On Tue, Oct 26, 2021 at 11:47:40AM +0200, Florian Bruhin wrote:
> > The harder way is to somehow coerce pickle into giving you the "raw"
> > data without the PyQt object involved...
>
> I just learned there's 'pickletools' in the stdlib:
> https://docs.python.org/3/library/pickletools.html
>
> Using that, you could inspect the pickle manually and pick the data out
> of it somehow. Given how pickles are structured, not exactly
> straightfoward either, though.
>
> Florian
>
> --
> me at the-compiler.org | https://www.qutebrowser.org
> https://bruhin.software/ |
> https://github.com/sponsors/The-Compiler/
> GPG: 916E B0C8 FD55 A072 | https://the-compiler.org/pubkey.asc
> I love long mails! | https://email.is-not-s.ms/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.riverbankcomputing.com/pipermail/pyqt/attachments/20211026/d602fc5d/attachment.htm>
More information about the PyQt
mailing list