[docs] [issue32758] Stack overflow when parse long expression to AST

Serhiy Storchaka report at bugs.python.org
Sat Mar 3 06:55:24 EST 2018

Serhiy Storchaka <storchaka+cpython at gmail.com> added the comment:

Thank you Brett! The comment LGTM.

Is it worth to add warnings to other functions?

* compile(), exec() and eval(). They are crashed due to recursion in the AST optimizer. This is a regression of 3.7. compile(..., PyCF_ONLY_AST) is the same as ast.parse() and crashed in older versions.

* dbm.dumb.open(). It calls ast.literal_eval(). The dbm.dumb databases are considered slow but portable. Before issue22885 this function was even more vulnerable due to using eval(). Since changing it to ast.literal_eval() some developers could consider it safe, but this is not true.

* A number of functions in the inspect module which directly or indirectly call ast.parse() on the __text_signature__ attribute. The risk of this vulnerability is very low.

versions: +Python 2.7

Python tracker <report at bugs.python.org>

More information about the docs mailing list