[Python-Dev] Negative times behaviour in itertools.repeat for Python maintenance releases (2.7, 3.3 and maybe 3.4)
Vajrasky Kok
sky.kok at speaklikeaking.com
Mon Jan 27 13:22:53 CET 2014
More information about the Python-Dev mailing list
Mon Jan 27 13:22:53 CET 2014
- Previous message: [Python-Dev] Negative times behaviour in itertools.repeat for Python maintenance releases (2.7, 3.3 and maybe 3.4)
- Next message: [Python-Dev] Negative times behaviour in itertools.repeat for Python maintenance releases (2.7, 3.3 and maybe 3.4)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Mon, Jan 27, 2014 at 5:38 PM, Antoine Pitrou <solipsis at pitrou.net> wrote: > > I would say not backport at all. The security threat is highly > theoretical. If someone blindly accepts user values for repeat(), the > user value can just as well be a very large positive with similar > effects (e.g. 2**31). > I can not comment about whether this is security issue or not. But the effect of large positive number is not similar to the effect of unlimited repetitions. >>> from itertools import repeat >>> list(repeat('a', 2**31)) Traceback (most recent call last): File "<stdin>", line 1, in <module> MemoryError >>> list(repeat('a', 2**99)) Traceback (most recent call last): File "<stdin>", line 1, in <module> OverflowError: Python int too large to convert to C ssize_t >>> list(repeat('a', times=-1)) ...this freezes my computer... That is why I prefer we backport the fix (either partial or full). If not, giving a big warning in the documentation should suffice.
- Previous message: [Python-Dev] Negative times behaviour in itertools.repeat for Python maintenance releases (2.7, 3.3 and maybe 3.4)
- Next message: [Python-Dev] Negative times behaviour in itertools.repeat for Python maintenance releases (2.7, 3.3 and maybe 3.4)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-Dev mailing list