Greg Ewing wrote:
> Guido:
>
>
>>>As long as it's possible to attempt to execute arbitrary strings
>>>as bytecode, I'd say ceval should be robust against this.
>>
>>This ought to be a long-term project then: write a bytecode verifier.
>>It's not a trivial task!
>
>
> When I wrote that, I was assuming that ceval was already mostly robust
> in this respect, and that what was being reported was a new hole
> recently opened up.
>
> But it appears I was gravely mistaken, and that ceval has been full of
> gaping holes from the beginning.
>
> I'm disappointed to learn this, because I had always regarded it as an
> axiom that no Python-level code should be capable of crashing the
> interpreter, and if it can, this represents a bug. However, it seems
> this axiom has not been adhered to in the design of ceval.
I don't think so. ceval appears to be absolutely robust against byte
code that the bytecode compiler has generated.
I think the design error was to expose code object construction
without safety belts.
ciao - chris
--
Christian Tismer :^) <mailto:tismer at stackless.com>
Mission Impossible 5oftware : Have a break! Take a ride on Python's
Johannes-Niemeyer-Weg 9a : *Starship* http://starship.python.net/
14109 Berlin : PGP key -> http://wwwkeys.pgp.net/
work +49 30 89 09 53 34 home +49 30 802 86 56 mobile +49 173 24 18 776
PGP 0x57F3BF04 9064 F4E1 D754 C2FF 1619 305B C09C 5A3B 57F3 BF04
whom do you want to sponsor today? http://www.stackless.com/
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4