Thank you for the quick response! :)

On Friday, July 8, 2016 at 4:29:46 PM UTC-6, Josh Haberman wrote:
>
> This is a complicated question and hard to answer in a general way.
>
> When protobuf-Python is compiled to use the C++ protobuf library, it will 
> use C++ for all parsing. So all of the same protections against parsing 
> untrusted input would apply.
>
> When you are using the pure-Python protobuf implementation, I don't 
> believe the same resource limits are enforced (for example, maximum size or 
> maximum message depth). However, since the parsing code is pure-Python in 
> this case, it shouldn't generally be possible to SEGV the program just by 
> sending unexpected input.
>
> On Friday, July 8, 2016 at 9:34:23 AM UTC-7, Oi Lee wrote:
>>
>> Hello,
>> I saw this post Are protocol buffers hardened? 
>> <https://groups.google.com/forum/#!searchin/protobuf/security/protobuf/DwyPEnvFJ-o/0akRpO15zWsJ>,
>>  
>> but I noticed the response only mentioned safeguards for C++ and Java. May 
>> we assume that these safeguards are in place for other languages like 
>> Python, etc? 
>>
>> Thank you for your assistance.
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Protocol Buffers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to protobuf+unsubscr...@googlegroups.com.
To post to this group, send email to protobuf@googlegroups.com.
Visit this group at https://groups.google.com/group/protobuf.
For more options, visit https://groups.google.com/d/optout.

Reply via email to