[Python-Dev] Fuzzing bugs: most bugs are closed

Antoine Pitrou solipsis at pitrou.net
Mon Jul 21 17:53:18 CEST 2008


Victor Stinner <victor.stinner haypocalc.com> writes:

On Monday 21 July 2008 15:33:19, A.M. Kuchling wrote:
> On Sun, Jul 20, 2008 at 10:45:39PM +0200, Victor Stinner wrote:
> > Hum... how can I say it? It's trivial to crash sre. So I blacklisted
> > sre.compile() in my fuzzer.
>
> We should certainly try to fix those issues, then; people usually
> assume the re module is safe for use inside a sandbox and probably
> aren't careful enough to block importing of the sre module.

Why is this function public? Is it used by the re module? Only the sre module
should be allowed to generate "regex bytecode".

The underscore at the beginning of _sre clearly indicates that the module is not recommended for direct consumption, IMO. Even the functions that don't themselves start with an underscore...


