Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Why is there a length limit to python's eval?

Tags:

I'm not advocating that this would ever be a good idea, but I've found that you can crash Python (2.7 and 3.2 checked) by running eval on a large enough input string:

def kill_python(N):     S = '+'.join((str(n) for n in xrange(N)))     return eval(S)

On my computer S can be generated just fine, but for values of approximately N>74900, Python will fail with Segmentation fault (core dumped). Is there a limit to the length of string (or parse tree) that the interpreter can handle?

Note: I don't need to do this, to me this is a deeper question reflecting my ignorance of what goes on inside the box. I'd like to understand why Python fails here, and so catastrophically (why not throw an exception?)

like image 728
Hooked Avatar asked Jul 24 '12 16:07

Hooked

People also ask

Why is eval not recommended?

Reasons to Avoid Using eval() Here's some of the reasons to avoid using it: Malicious code : invoking eval can crash a computer. For example: if you use eval server-side and a mischievous user decides to use an infinite loop as their username.

What can I use instead of eval in Python?

literal_eval may be a safer alternative. literal_eval() would only evaluate literals, not algebraic expressions.

What is the purpose of eval in Python?

Answer: eval is a built-in- function used in python, eval function parses the expression argument and evaluates it as a python expression. In simple words, the eval function evaluates the “String” like a python expression and returns the result as an integer.

What is the use of eval () method in List explain with an example?

In this program, expression can have sqrt() method and variable a only. All other methods and variables are unavailable. Restricting the use of eval() by passing globals and locals dictionaries will make your code secure particularly when you are using input provided by the user to the eval() method.

1 Answers

This issue is caused by a stack overflow in the CPython compiler. An easy way to reproduce the same issue is

>>> code = compile("1" + "+1" * 1000000, "", "eval") Segmentation fault

which proves that the segfault is happening at the compile stage, not during evaluation. (Of course this is also easy to confirm with gdb.)

[Side note: For smaller expressions, the compiler would apply constant folding here anyway, so the only thing happening during the execution of the code is to load the result:

>>> code = compile("1" + "+1" * 1000, "", "eval") >>> eval(code) 1001 >>> dis.dis(code)   1           0 LOAD_CONST            1000 (1001)               3 RETURN_VALUE

End of side note.]

This issue is a known defect. The Python developers collected several ways to crash the Python interpreter in the directory Lib/test/crashers of the source distribution. The one corresponding to this issue is Lib/test/crashers/compiler_recursion.py.

like image 162
Sven Marnach Avatar answered Sep 23 '22 17:09

Sven Marnach
Sign in to Comment

Related questions

Improving OCR performance on multi-paragraph scans
Why are redundant scope qualifications supported by the compiler, and is it legal?
C - create file in memory
PHPdoc - defining object properties for an object of stdClass
MVC 4 Connectionstring to SQL Server 2012
How can i replace type_orientation (is deprecated) for android 4.0.3?
Understanding “408 Request Timeout” on Apache with PHP
How to add an external jar file to the classpath dynamically at runtime? [duplicate]
Inline PDF images in org-mode
why is pip so SLOW to download? (how to troubleshoot?)
Capturing 1080p at 30fps from logitech c920 with openCV 2.4.3
Conflict with two jquery datepickers on same page

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!