pablo sacristan added the comment:
I'd like to but I don't have enough memory either, sorry.
--
versions: +Python 3.5, Python 3.6
___
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/i
pablo sacristan added the comment:
I know, but then shouldn't you try limiting the amount of data it allocates? Or
maybe allow for keyboard interrupts to be used while the it is going on,
because keyboard interrupts weren't working while it was working.
--
resolution: not a bug
New submission from pablo sacristan:
zlib.compress crashes when you put a lot of stuff into it and even when you try
keyboard interrupts it doesn't work for some reason, and Python gets killed
because trying to compress so much data gets the Python process get killed by
the kernel. If you put
New submission from pablo sacristan:
There is a crash on bytearray(), not really a crash but rather the process gets
killed by the kernel, but that is a crash, and the keyboard interrupt stops
working while bytearray is working, so you can either restart python or wait
for python to get
New submission from pablo sacristan:
There is an integer overflow on int() because python incorrectly checks the
length of the input.
int(0xFFF+10**80)
That line of code will freeze python until you restart it, which is as annoying
as if python had crashed.
Hope
New submission from pablo sacristan:
There is an integer overflow on hex() because python incorrectly checks the
length of the value to return overflow message if it were too big.
hex(0xFFF+10**80)
That line will freeze python until you restart it, which is the same
New submission from pablo sacristan:
There is an integer overflow on oct() because of incorrectly checking the
length.
oct(0xFFF+10**80)
That line will freeze python until you restart it, which is as good as crashed.
Hope it helps ;)
--
messages: 270709
nosy
New submission from pablo sacristan:
There is an integer overflow in dir():
dir(0xFFF+10**80)
That line will freeze python until you restart it, which makes it have the same
effect as a crash.
Hope it helps ;)
--
messages: 270708
nosy: pabstersac
priority
New submission from pablo sacristan:
There is an integer overflow in unicode() because python incorrectly checks the
length of unicode():
unicode(0xFFF+10**80)
That freezes python until you restart it which is basically the same effect as
crashing python.
Hope it helps
New submission from pablo sacristan:
There is an integer overflow on min() statements because python incorrectly
checks the length to put the overflow message, so it is possible to overflow
min()
min(0xFFF+10**80)
That line freezes python until you restart it, which
New submission from pablo sacristan:
There is an integer overflow because python doesn't check the length correctly
on print() statements:
print(0xFFF**100**8)
That will overflow and python would stop working, so it would be as good as
crashed :)
Hope
New submission from pablo sacristan:
There is an integer overflow because python doesn't check the length correctly
on arithmetic operations:
0xFFF**100**8
Just that line will freeze python, no oveflow message appears, no memory error,
and python basically
New submission from pablo sacristan:
There is an integer overflow because python doesn't check the length correctly
on bytearray:
bytearray(0xFFF**100**8)
That will not return an overflow message, and even though my hex knowledge is
very bad I do believe
New submission from pablo sacristan:
There is an integer overflow in bin() because python incorrectly checks the
length of the input in bin().
bin(0xFFF+10**80)
That line will freeze python until you restart it, which basically is a crash
because python stops working
New submission from pablo sacristan:
There is an integer overflow because python doesn't check the length as it does
with bytearray() and it still goes on, so by doing something like:
>>> import array
>>> float(array.array("L",b"a"*0xFFF+1
pablo sacristan added the comment:
Yes, but it is possible to blacklist some bytecode (it may be possible to
blacklist all or almost all malicious bytecode) and even more if the attacker
just wants to crash the target then the segfault would be an easy crash. It is
still an attack scenario
pablo sacristan added the comment:
I do agree it is not a very big problem, but it is still a problem. If a python
program took user input (maybe HTTP server) took user input (POST values) and
construct a code object with that input. It would be possible to crash it and
that can be bad
pablo sacristan added the comment:
I can also reproduce on 3.5 and on 3.4.
Thank you.
--
versions: +Python 3.4, Python 3.5
___
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/i
New submission from pablo sacristan:
The code is also simple on this one:
from types import CodeType as code
exec code(0, 2, 3, 0, "lol lolol", (), (), (), "", "", 0, "")
The interpreter isn't checking if the code object is correct, therefore it i
New submission from pablo sacristan:
The code is very simple:
import sys
sys.setrecursionlimit(1<<20)
test=lambda test:test(test)
test(test)
It basically works by changing the recursion limit and then starting an
infinite recursion, this quickly gives a segfault.
This can be used to
Changes by pablo sacristan <pabster...@gmail.com>:
--
status: closed -> open
___
Python tracker <rep...@bugs.python.org>
<http://bugs.pyt
pablo sacristan added the comment:
New content for crash.py:
import ctypes, struct, sys, os
inner = ()
outer = (inner,)
c_outer = (ctypes.c_char * sys.getsizeof(outer)).from_address(id(outer))
inner_index = c_outer[:].find(struct.pack('P', id(inner)))
c_outer
pablo sacristan added the comment:
Then it is no bug that it crashes python? You don't have to put it in a loop,
but by looping it I am adding the part that makes it take more time but will
keep on crashing infinitely, take away the while loop but not what it has
inside and then also delete
New submission from pablo sacristan:
import ctypes, struct, sys, os
while 1:
os.system('python /Users/pabstersac/Desktop/Python\ Files/crash.py')
#Change to your full path to the file
inner = ()
outer = (inner,)
c_outer = (ctypes.c_char * sys.getsizeof(outer)).from_address(id
24 matches
Mail list logo
