Possibly Pythonic Tail Call Optimization (TCO/TRE)

Chris Angelico rosuav at gmail.com
Thu Jul 16 20:29:42 CEST 2015


On Fri, Jul 17, 2015 at 4:23 AM, Joonas Liik <liik.joonas at gmail.com> wrote:
> On 16 July 2015 at 20:49, Chris Angelico <rosuav at gmail.com> wrote:
>>
>> This sounds like a denial-of-service attack. If you can state that no
>> reasonable document will ever have more than 100 levels of nesting,
>> then you can equally state that cutting the parser off with a tidy
>> exception if it exceeds 100 levels is safe.
>>
> This particular example does have that kind of smell.. my bad for
> being careless with examples.
>
> what if its not a ddos tho, maybe its just strange data?
>

That's why you're allowed to change the default limit either
direction. If you're guarding against a DOS, you can crank it down; if
you're working with something where 1000 stack entries isn't
unreasonable, you can crank it up. I honestly don't know what you'd
want to do if 5000+ stack entries isn't enough, but if you're working
with something *that* deeply nested, you probably know a lot more
about what you're doing than I ever will. Maybe you could recompile
CPython with a bigger stack? Give Jython or PyPy a try? No idea. But
I'm sure it'd be possible somehow.

ChrisA


More information about the Python-list mailing list