But the point is that the compiler is recursive, and processing nested constructs consumes the C stack. There are some guards against too deep recursion (2.7 has less guards and more vulnerable), but it is hard to prove that all vulnerabilities are fixed.

Your method (limiting the size of the input) helps against some attacks. Other methods -- restricting the set of characters and the number of parenthesis, braces and brackets.

Hmm — I’d never really thought about it, bust presumably ast.literal_eval was designed for use in the compiler— or at least uses the compiler to do its real work.

So maybe what we really need is a literal-eval that is DESIGNED to be a safe Python literal parser.

Like a JSON parser but supporting the richer Python literal set.