[Python-Dev] Is core dump always a bug? Advice requested

Christian Tismer tismer at stackless.com
Thu May 13 07:08:08 EDT 2004


Greg Ewing wrote:

> Guido:
> 
> 
>>>As long as it's possible to attempt to execute arbitrary strings
>>>as bytecode, I'd say ceval should be robust against this.
>>
>>This ought to be a long-term project then: write a bytecode verifier.
>>It's not a trivial task!
> 
> 
> When I wrote that, I was assuming that ceval was already mostly robust
> in this respect, and that what was being reported was a new hole
> recently opened up.
> 
> But it appears I was gravely mistaken, and that ceval has been full of
> gaping holes from the beginning.
> 
> I'm disappointed to learn this, because I had always regarded it as an
> axiom that no Python-level code should be capable of crashing the
> interpreter, and if it can, this represents a bug. However, it seems
> this axiom has not been adhered to in the design of ceval.

I don't think so. ceval appears to be absolutely robust against byte
code that the bytecode compiler has generated.
I think the design error was to expose code object construction
without safety belts.

ciao - chris
-- 
Christian Tismer             :^)   <mailto:tismer at stackless.com>
Mission Impossible 5oftware  :     Have a break! Take a ride on Python's
Johannes-Niemeyer-Weg 9a     :    *Starship* http://starship.python.net/
14109 Berlin                 :     PGP key -> http://wwwkeys.pgp.net/
work +49 30 89 09 53 34  home +49 30 802 86 56  mobile +49 173 24 18 776
PGP 0x57F3BF04       9064 F4E1 D754 C2FF 1619  305B C09C 5A3B 57F3 BF04
      whom do you want to sponsor today?   http://www.stackless.com/




More information about the Python-Dev mailing list