[docs] [issue32758] Stack overflow when parse long expression to AST

Serhiy Storchaka report at bugs.python.org
Fri Mar 9 16:19:56 EST 2018


Serhiy Storchaka <storchaka+cpython at gmail.com> added the comment:

I think we can ignore the inspect module. It is unlikely that it will cause a crash unintentionally, and it is hard to use this for attacks. The attacker needs to create an extension function with malicious __text_signature__, but if he is able to execute arbitrary binary code, there is a much larger problem.

And perhaps there is no need to repeat the warning for exec() and eval(). They are considered more dangerous than compile().

----------

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue32758>
_______________________________________


More information about the docs mailing list