Guido: > > As long as it's possible to attempt to execute arbitrary strings > > as bytecode, I'd say ceval should be robust against this. > > This ought to be a long-term project then: write a bytecode verifier. > It's not a trivial task! When I wrote that, I was assuming that ceval was already mostly robust in this respect, and that what was being reported was a new hole recently opened up. But it appears I was gravely mistaken, and that ceval has been full of gaping holes from the beginning. I'm disappointed to learn this, because I had always regarded it as an axiom that no Python-level code should be capable of crashing the interpreter, and if it can, this represents a bug. However, it seems this axiom has not been adhered to in the design of ceval. Greg Ewing, Computer Science Dept, +--------------------------------------+ University of Canterbury, | A citizen of NewZealandCorp, a | Christchurch, New Zealand | wholly-owned subsidiary of USA Inc. | greg at cosc.canterbury.ac.nz +--------------------------------------+
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4