[Python-Dev] Fuzzing bugs: most bugs are closed

A.M. Kuchling amk at amk.ca
Mon Jul 21 15:33:19 CEST 2008


On Sun, Jul 20, 2008 at 10:45:39PM +0200, Victor Stinner wrote:
> Hum... how can I say it? It's trivial to crash _sre :-) So I blacklisted 
> _sre.compile() in my fuzzer.

We should certainly try to fix those issues, then; people usually
assume the re module is safe for use inside a sandbox and probably
aren't careful enough to block importing of the _sre module.

--amk


More information about the Python-Dev mailing list