[Python-Dev] Fuzzing bugs: most bugs are closed

Victor Stinner victor.stinner at haypocalc.com
Mon Jul 21 15:54:11 CEST 2008


On Monday 21 July 2008 15:33:19 A.M. Kuchling, you wrote:
> On Sun, Jul 20, 2008 at 10:45:39PM +0200, Victor Stinner wrote:
> > Hum... how can I say it? It's trivial to crash _sre :-) So I blacklisted
> > _sre.compile() in my fuzzer.
>
> We should certainly try to fix those issues, then; people usually
> assume the re module is safe for use inside a sandbox and probably
> aren't careful enough to block importing of the _sre module.

Why is this function public? Is it used by the re module? Only the _sre module should
be allowed to generate "regex bytecode".

-- 
Victor Stinner aka haypo
http://www.haypocalc.com/blog/

