[Python-Dev] Negative times behaviour in itertools.repeat for Python maintenance releases (2.7, 3.3 and maybe 3.4) (original) (raw)
Vajrasky Kok sky.kok at speaklikeaking.com
Mon Jan 27 13:22:53 CET 2014
- Previous message: [Python-Dev] Negative times behaviour in itertools.repeat for Python maintenance releases (2.7, 3.3 and maybe 3.4)
- Next message: [Python-Dev] Negative times behaviour in itertools.repeat for Python maintenance releases (2.7, 3.3 and maybe 3.4)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Mon, Jan 27, 2014 at 5:38 PM, Antoine Pitrou <solipsis at pitrou.net> wrote:
I would say not backport at all. The security threat is highly theoretical. If someone blindly accepts user values for repeat(), the user value can just as well be a very large positive with similar effects (e.g. 2**31).
I can not comment about whether this is security issue or not. But the effect of large positive number is not similar to the effect of unlimited repetitions.
from itertools import repeat list(repeat('a', 2**31)) Traceback (most recent call last): File "", line 1, in MemoryError list(repeat('a', 2**99)) Traceback (most recent call last): File "", line 1, in OverflowError: Python int too large to convert to C ssize_t list(repeat('a', times=-1)) ...this freezes my computer...
That is why I prefer we backport the fix (either partial or full). If not, giving a big warning in the documentation should suffice.
- Previous message: [Python-Dev] Negative times behaviour in itertools.repeat for Python maintenance releases (2.7, 3.3 and maybe 3.4)
- Next message: [Python-Dev] Negative times behaviour in itertools.repeat for Python maintenance releases (2.7, 3.3 and maybe 3.4)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]