On 18 July 2018 at 17:49, Steve Holden wrote:
> On Tue, Jul 17, 2018 at 11:44 PM, Paul G wrote:
>>
>> In many languages numeric types can't hold arbitrarily large values, and I
>> for one hadn't really previously recognized that if you read in a numeric
>> value with an exponent that it would be
On 17.07.2018 19:44, Jussi Judin wrote:
Hi,
I have been fuzzing[1] various parts of Python standard library for Python 3.7
with python-afl[2] to find out internal implementation issues that exist in the
library. What I have been looking for are mainly following:
* Exceptions that are somethin
On Tue, 17 Jul 2018 at 15:41 Nathaniel Smith wrote:
> On Tue, Jul 17, 2018 at 9:44 AM, Jussi Judin wrote:
> > * Exceptions that are something else than the documented ones. These
> usually indicate an internal implementation issue. For example one would
> not expect an UnicodeDecodeError from ne
On Tue, Jul 17, 2018 at 11:44 PM, Paul G wrote:
> In many languages numeric types can't hold arbitrarily large values, and I
> for one hadn't really previously recognized that if you read in a numeric
> value with an exponent that it would be represented *exactly* in memory
> (and thus one object
In many languages numeric types can't hold arbitrarily large values, and I for
one hadn't really previously recognized that if you read in a numeric value
with an exponent that it would be represented *exactly* in memory (and thus one
object with a very compact representation can take up huge am
On Tue, Jul 17, 2018 at 9:44 AM, Jussi Judin wrote:
> * Exceptions that are something else than the documented ones. These usually
> indicate an internal implementation issue. For example one would not expect
> an UnicodeDecodeError from netrc.netrc() function when the documentation[3]
> promis
On Tue, Jul 17, 2018 at 4:57 PM Jussi Judin wrote:
> Quick answer: undocumented billion laughs/exponential entity expansion
> type of an attack that is accessible through web through any library that
> uses fractions module to parse user input (that are actually available on
> Github).
>
Are you
Quick answer: undocumented billion laughs/exponential entity expansion type of
an attack that is accessible through web through any library that uses
fractions module to parse user input (that are actually available on Github).
Could be mitigated by explicitly mentioning this in documentation,
I'm not a core Python Dev, but quick question, why would you expect "
fractions.Fraction("1.64E664644")" not to take 100s of megabytes and
hours to run?
Simply evaluating: 164 * 10**66464 will take hundreds of megabytes by
definition.
Regards
Damian
On Tue, Jul 17, 2018, 12:54 Jussi Jud
Hi,
I have been fuzzing[1] various parts of Python standard library for Python 3.7
with python-afl[2] to find out internal implementation issues that exist in the
library. What I have been looking for are mainly following:
* Exceptions that are something else than the documented ones. These usu
10 matches
Mail list logo
