Pickle `load_build` function checks if `slotstate` is False, not a dict

[Legoclones]

Bug report

Bug description:

This issue is similar to Issue #128965. Inside of the load_build() function, Python pickle assumes that slotstate is a dictionary while C _pickle explicitly checks to ensure it's a dictionary. The behavior of these two implementations diverge when slotstate is falsey but not a dictionary.

payload:      b'NN\x8f\x86b.'

pickle:       None
_pickle.c:    FAILURE slot state is not a dictionary
pickletools:
    0: N    NONE
    1: N    NONE
    2: \x8f EMPTY_SET
    3: \x86 TUPLE2
    4: b    BUILD
    5: .    STOP
highest protocol among opcodes = 4

In this case, opcode 2 (EMPTY_SET) is slotstate. When running in pickle.py, this is falsey and thus the code inside setting attributes will not be run, causing the pickle to continue deserializing without any errors.

cpython/Lib/pickle.py

Line 1868 in 29acc08

if slotstate:

When running in _pickle.c, this value is not a dictionary, causing an error to be thrown.

cpython/Modules/_pickle.c

Line 6903 in 29acc08

if (!PyDict_Check(slotstate)) {

I guess also in general I'm not understanding what the if slotstate in pickle.py is meant to do anyway. If it's supposed to check if slotstate == None, then the C _pickle module doesn't do that correctly. It checks if slotstate is NULL, which is not the same as PyNone.

cpython/Modules/_pickle.c

Line 6899 in 29acc08

if (slotstate != NULL) {

CPython versions tested on:

CPython main branch

Operating systems tested on:

Linux

[Krishna-web-hub]

Hello @Legoclones , i generated the same pickletools.dis(payload) but while unpicking it both pickle.py and _pickle.c are raising error for the input provided can you tell me how you tested cause i got normal behavior for windows(python - 3.12, 3.13, 3.14) and same for Linux.