Victor Stinner <victor.stinner <at> haypocalc.com> writes: > > Le Monday 21 July 2008 15:33:19 A.M. Kuchling, vous avez écrit : > > On Sun, Jul 20, 2008 at 10:45:39PM +0200, Victor Stinner wrote: > > > Hum... how can I say it? It's trivial to crash _sre So I blacklisted > > > _sre.compile() in my fuzzer. > > > > We should certainly try to fix those issues, then; people usually > > assume the re module is safe for use inside a sandbox and probably > > aren't careful enough to block importing of the _sre module. > > Why is this function public? Is it used by re module? Only _sre module should > be allowed to generated "regex bytecode".
The underscore at the beginning of _sre clearly indicates that the module is not recommended for direct consumption, IMO. Even the functions that don't themselves start with an underscore... _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
