[Python-Dev] Fuzzing bugs: most bugs are closed

Mon Jul 21 14:03:08 CEST 2008

On 2008年07月20日 22:45, Victor Stinner wrote:
> Le Saturday 19 July 2008 21:52:09 A.M. Kuchling, vous avez écrit :
>> Excellent work! Another fruitful area for fuzzing might be the
>> miniature virtual machine used by the re module. It's possible to
>> import _sre and call the compile() function directly (see the end of
>> Lib/sre_compile.py for how it's invoked); I wonder how the regex VM
>> copes with random strings of bytecode.
>> Hum... how can I say it? It's trivial to crash _sre :-) So I blacklisted 
> _sre.compile() in my fuzzer.
>> For information, it's also very easy to crash CPython with fuzzed .pyc file.
>> It's hard to check bytecode without execute it. It's maybe better to add 
> checks directly in the VM.

I don't see that as a big problem: if you execute untrusted byte code,
you are on your own anyway... whether that's byte code for the re
engine or ceval.
-- 
Marc-Andre Lemburg
eGenix.com
Professional Python Services directly from the Source (#1, Jul 21 2008)
 >>> Python/Zope Consulting and Support ... http://www.egenix.com/
 >>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/
 >>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/
________________________________________________________________________
:::: Try mxODBC.Zope.DA for Windows,Linux,Solaris,MacOSX for free ! ::::

 eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48
 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
 Registered at Amtsgericht Duesseldorf: HRB 46611