[issue32757] Python 2.7 : Buffer Overflow vulnerability in exec() function
Terry J. Reedy
report at bugs.python.org
Fri Feb 9 18:58:33 EST 2018
Terry J. Reedy <tjreedy at udel.edu> added the comment:
I am pretty sure that if one deletes the prefix 'exec(' and suffic ')' and just executes argument expression that has something on the order of 10000 chr(nn) calls added together, one would get the same result. In other words, I believe that the outer exec and the origin of the expression and the individual nn values are irrelevant.
It is known that the Python compiler handles at least some recursive expressions with recursion and therefore has limits on the complexity of expressions it can handle. The stackoverflow crash, instead of an exception, *is* a bug. It was fixed sometime in 3.x. With 3.6.4:
C:\Users\Terry>python f:/dev/tem/poc.py
RecursionError: maximum recursion depth exceeded during compilation
Perhaps one of the compiler experts knows whether the fix cannot be backported (within reasonable effort) or just has not been.
----------
nosy: +benjamin.peterson, brett.cannon, ncoghlan, terry.reedy, yselivanov
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue32757>
_______________________________________
More information about the Python-bugs-list
mailing list