[Python-Dev] Fuzzing bugs: most bugs are closed

M.-A. Lemburg mal at egenix.com
Mon Jul 21 14:03:08 CEST 2008

On 2008-07-20 22:45, Victor Stinner wrote:
> Le Saturday 19 July 2008 21:52:09 A.M. Kuchling, vous avez écrit :
>> Excellent work!  Another fruitful area for fuzzing might be the
>> miniature virtual machine used by the re module.  It's possible to
>> import _sre and call the compile() function directly (see the end of
>> Lib/sre_compile.py for how it's invoked); I wonder how the regex VM
>> copes with random strings of bytecode.
> Hum... how can I say it? It's trivial to crash _sre :-) So I blacklisted 
> _sre.compile() in my fuzzer.
> For information, it's also very easy to crash CPython with fuzzed .pyc file.
> It's hard to check bytecode without execute it. It's maybe better to add 
> checks directly in the VM.

I don't see that as a big problem: if you execute untrusted byte code,
you are on your own anyway... whether that's byte code for the re
engine or ceval.

Marc-Andre Lemburg

Professional Python Services directly from the Source  (#1, Jul 21 2008)
 >>> Python/Zope Consulting and Support ...        http://www.egenix.com/
 >>> mxODBC.Zope.Database.Adapter ...             http://zope.egenix.com/
 >>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/

:::: Try mxODBC.Zope.DA for Windows,Linux,Solaris,MacOSX for free ! ::::

    eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
     D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
            Registered at Amtsgericht Duesseldorf: HRB 46611

More information about the Python-Dev mailing list