[Python-Dev] Fuzzing bugs: most bugs are closed
Steve Holden
steve at holdenweb.com
Mon Jul 21 03:37:47 CEST 2008
Victor Stinner wrote:
> Le Saturday 19 July 2008 21:52:09 A.M. Kuchling, vous avez écrit :
>> Excellent work! Another fruitful area for fuzzing might be the
>> miniature virtual machine used by the re module. It's possible to
>> import _sre and call the compile() function directly (see the end of
>> Lib/sre_compile.py for how it's invoked); I wonder how the regex VM
>> copes with random strings of bytecode.
>
> Hum... how can I say it? It's trivial to crash _sre :-) So I blacklisted
> _sre.compile() in my fuzzer.
>
> For information, it's also very easy to crash CPython with fuzzed .pyc file.
>
> It's hard to check bytecode without execute it. It's maybe better to add
> checks directly in the VM.
>
I think you'll find most developers (and many users too, come to that)
reluctant to add any checking that would slow down eval.c, the heart of
the virtual machine.
So unless you can find a way to add the checks without slowing it down,
an external checker might be better.
regards
Steve
--
Steve Holden +1 571 484 6266 +1 800 494 3119
Holden Web LLC http://www.holdenweb.com/
More information about the Python-Dev
mailing list