[docs] [issue32758] Stack overflow when parse long expression to AST
Serhiy Storchaka
report at bugs.python.org
Sat Mar 3 06:55:24 EST 2018
Serhiy Storchaka <storchaka+cpython at gmail.com> added the comment:
Thank you Brett! The comment LGTM.
Is it worth adding warnings to other functions?
* compile(), exec() and eval(). They crash due to recursion in the AST optimizer. This is a regression in 3.7. compile(..., PyCF_ONLY_AST) is the same as ast.parse() and crashed in older versions.
* dbm.dumb.open(). It calls ast.literal_eval(). The dbm.dumb databases are considered slow but portable. Before issue22885 this function was even more vulnerable due to using eval(). Since changing it to ast.literal_eval() some developers could consider it safe, but this is not true.
* A number of functions in the inspect module which directly or indirectly call ast.parse() on the __text_signature__ attribute. The risk of this vulnerability is very low.
----------
versions: +Python 2.7
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue32758>
_______________________________________
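
The message above notes that ast.literal_eval() is not safe just because it replaced eval(): the parser and AST code recurse on nesting depth. As an added example (not from the tracker or from CPython), this bounds the shape of untrusted text with an iterative token scan before handing it to ast.literal_eval(); the names guarded_literal_eval, check_shape, UnsafeLiteral and all three limits are assumptions made for the example.

```python
import ast
import io
import tokenize

# Limits are assumptions for this example; tune them to the data you expect.
MAX_LEN, MAX_DEPTH, MAX_OP_RUN = 10_000, 32, 8
OPENERS, CLOSERS, SEPARATORS = set("([{"), set(")]}"), set(",:")


class UnsafeLiteral(ValueError):
    """Input rejected by the pre-check or by the parser."""


def check_shape(text):
    """Walk the token stream (a loop, not recursion) and bound AST depth."""
    if len(text) > MAX_LEN:
        raise UnsafeLiteral("input too long")
    depth = op_run = 0
    try:
        for tok in tokenize.generate_tokens(io.StringIO(text).readline):
            if tok.type != tokenize.OP:
                continue
            if tok.string in OPENERS:
                depth += 1
            elif tok.string in CLOSERS:
                depth -= 1
            elif tok.string in SEPARATORS:
                op_run = 0      # a new element starts a new operator run
            else:
                op_run += 1     # chained +/- build a deep BinOp/UnaryOp tree
            if depth > MAX_DEPTH:
                raise UnsafeLiteral("brackets nested too deeply")
            if op_run > MAX_OP_RUN:
                raise UnsafeLiteral("operator chain too long")
    except (tokenize.TokenError, SyntaxError) as exc:
        raise UnsafeLiteral("cannot tokenize input") from exc


def guarded_literal_eval(text):
    """ast.literal_eval() behind the shape check; one exception type on failure."""
    check_shape(text)
    try:
        return ast.literal_eval(text)
    except (ValueError, SyntaxError, RecursionError, MemoryError) as exc:
        raise UnsafeLiteral("not a valid literal") from exc
```

The operator-run counter resets only at commas and colons, so a long flat list of negative numbers passes while a single long chain of operators is refused before the parser sees it.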