07.11.17 16:41, Steven D'Aprano пише:
On Tue, Nov 07, 2017 at 03:35:58PM +0200, Serhiy Storchaka wrote:
07.11.17 12:29, אלעזר пише:
Also, it is unfortunate that `ast.literal_eval` is less accessible than `builtins.eval`. Giving it an alias in builtins might make it easier for programmers (and less scary - "ast" might sound like I need a PhD to use it).
ast.literal_eval is not so safe as you think. Malicious input can cause a stack overflow in your program. 
I don't see anything about literal_eval in that bug report.
Sorry, this particular issue isn't related to literal_eval. There was other recently fixed issue, but I forgot its number.
But the point is that the compiler is recursive, and processing nested constructs consumes the C stack. There are some guards against too deep recursion (2.7 has less guards and more vulnerable), but it is hard to prove that all vulnerabilities are fixed.
Your method (limiting the size of the input) helps against some attacks. Other methods -- restricting the set of characters and the number of parenthesis, braces and brackets.