From 483f0a5d765033294a3b8ce9a04d4fc96170bbfc Mon Sep 17 00:00:00 2001
From: Paul Ivanov
Date: Wed, 30 Jan 2019 14:22:44 -0800
Subject: BUG: load fails when using pickle without allow_pickle=True a partial mitigation of #12759. see also https://nvd.nist.gov/vuln/detail/CVE-2019-6446
---
 numpy/lib/npyio.py | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)
(limited to 'numpy/lib/npyio.py')
diff --git a/numpy/lib/npyio.py b/numpy/lib/npyio.py
index beeba1334..38d7141fb 100644
--- a/numpy/lib/npyio.py
+++ b/numpy/lib/npyio.py
@@ -144,7 +144,11 @@ class NpzFile(Mapping):
 An object on which attribute can be performed as an alternative to getitem access on the `NpzFile` instance itself. allow_pickle : bool, optional
- Allow loading pickled data. Default: True
+ Allow loading pickled data. Default: False
+
+ .. versionchanged:: 1.17.0, 1.16.3
+ Switched from True to False in response to CVE-2019-6446.
+
 pickle_kwargs : dict, optional Additional keyword arguments to pass on to pickle.load. These are only useful when loading object arrays saved on
@@ -180,7 +184,7 @@ class NpzFile(Mapping):
 """
- def __init__(self, fid, own_fid=False, allow_pickle=True,
+ def __init__(self, fid, own_fid=False, allow_pickle=False,
 pickle_kwargs=None): # Import is postponed to here since zipfile depends on gzip, an # optional component of the so-called standard library.
@@ -283,7 +287,7 @@ class NpzFile(Mapping):
 @set_module('numpy')
-def load(file, mmap_mode=None, allow_pickle=True, fix_imports=True,
+def load(file, mmap_mode=None, allow_pickle=False, fix_imports=True,
 encoding='ASCII'): """ Load arrays or pickled objects from ``.npy``, ``.npz`` or pickled files.
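Review bot: The `.. versionchanged:: 1.17.0, 1.16.3` directive added to the `NpzFile` docstring in the `@@ -144,7 +144,11 @@` hunk passes two versions, but Sphinx takes only the first whitespace-separated token as the version. It will most likely render as version `1.17.0,` with `1.16.3` run into the explanation text. The same directive is added to the `load` docstring in the `@@ -311,8 +315,11 @@` hunk. I would name a single release per directive, for example `.. versionchanged:: 1.16.3`, and mention the other release in the sentence underneath. The docstring starts and ends outside the hunk.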
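Review bot: Nothing next to the new `allow_pickle=False` default in `NpzFile.__init__` (hunk `@@ -180,7 +184,7 @@`) records why it must stay that way, so a later cleanup could flip it back without noticing the security reason. I would add a comment above the signature: `# allow_pickle stays False by default: unpickling can execute arbitrary code (CVE-2019-6446); callers must opt in.` The body of `__init__` continues outside the hunk, so it is not visible whether the flag is always forwarded explicitly to whatever reads the arrays. If that reader has its own `allow_pickle` default, it is worth confirming that it agrees with this one.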
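Review bot: The summary line under the changed `load` signature (hunk `@@ -283,7 +287,7 @@`) still says the function loads "arrays or pickled objects from .npy, .npz or pickled files", which no longer describes the default behaviour. With `allow_pickle=False`, pickled input is refused unless the caller opts in. I would reword the summary along the lines of `Load arrays from .npy or .npz files; pickled objects only with allow_pickle=True.` so the opt-in is visible in the first line a reader sees. The docstring continues outside the hunk.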
@@ -311,8 +315,11 @@ def load(file, mmap_mode=None, allow_pickle=True, fix_imports=True,
 Allow loading pickled object arrays stored in npy files. Reasons for disallowing pickles include security, as loading pickled data can execute arbitrary code. If pickles are disallowed, loading object
- arrays will fail.
- Default: True
+ arrays will fail. Default: False
+
+ .. versionchanged:: 1.17.0, 1.16.3
+ Switched from True to False in response to CVE-2019-6446.
+
 fix_imports : bool, optional Only useful when loading Python 2 generated pickled files on Python 3, which includes npy/npz files containing object arrays. If `fix_imports`
--
cgit v1.2.1
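Review bot: The `allow_pickle` paragraph of the `load` docstring now documents the safe default but gives no guidance on when re-enabling it is acceptable. The paragraph already states that loading pickled data can execute arbitrary code, so I would add one sentence after "loading object arrays will fail.": `Only pass allow_pickle=True for files that come from a source you trust.` The same sentence fits the `allow_pickle` entry of the `NpzFile` docstring changed in the first hunk. The docstring starts and ends outside this hunk.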