Victor Stinner <victor.stinner <at> haypocalc.com> writes: > > Le Monday 21 July 2008 15:33:19 A.M. Kuchling, vous avez écrit : > > On Sun, Jul 20, 2008 at 10:45:39PM +0200, Victor Stinner wrote: > > > Hum... how can I say it? It's trivial to crash _sre So I blacklisted > > > _sre.compile() in my fuzzer. > > > > We should certainly try to fix those issues, then; people usually > > assume the re module is safe for use inside a sandbox and probably > > aren't careful enough to block importing of the _sre module. > > Why is this function public? Is it used by re module? Only _sre module should > be allowed to generated "regex bytecode". The underscore at the beginning of _sre clearly indicates that the module is not recommended for direct consumption, IMO. Even the functions that don't themselves start with an underscore...
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4