Showing content from http://mail.python.org/pipermail/python-dev/2008-July/081446.html below:

[Python-Dev] Fuzzing bugs: most bugs are closed

Victor Stinner victor.stinner at haypocalc.com
Sun Jul 20 22:45:39 CEST 2008
On Saturday 19 July 2008 21:52:09, A.M. Kuchling wrote:
> Excellent work!  Another fruitful area for fuzzing might be the
> miniature virtual machine used by the re module.  It's possible to
> import _sre and call the compile() function directly (see the end of
> Lib/sre_compile.py for how it's invoked); I wonder how the regex VM
> copes with random strings of bytecode.

Hum... how can I say it? It's trivial to crash _sre :-) So I blacklisted 
_sre.compile() in my fuzzer.

For information, it's also very easy to crash CPython with a fuzzed .pyc file.

It's hard to check bytecode without executing it. It's maybe better to add
checks directly in the VM.

-- 
Victor Stinner aka haypo
http://www.haypocalc.com/blog/