Menu
I'm not advocating that this would ever be a good idea, but I've found that you can crash Python (2.7 and 3.2 checked) by running eval on a large enough input string:
def kill_python(N): S = '+'.join((str(n) for n in xrange(N))) return eval(S) On my computer S can be generated just fine, but for values of approximately N>74900, Python will fail with Segmentation fault (core dumped). Is there a limit to the length of string (or parse tree) that the interpreter can handle?
Note: I don't need to do this, to me this is a deeper question reflecting my ignorance of what goes on inside the box. I'd like to understand why Python fails here, and so catastrophically (why not throw an exception?)
728
Reasons to Avoid Using eval() Here's some of the reasons to avoid using it: Malicious code : invoking eval can crash a computer. For example: if you use eval server-side and a mischievous user decides to use an infinite loop as their username.
literal_eval may be a safer alternative. literal_eval() would only evaluate literals, not algebraic expressions.
Answer: eval is a built-in- function used in python, eval function parses the expression argument and evaluates it as a python expression. In simple words, the eval function evaluates the “String” like a python expression and returns the result as an integer.
In this program, expression can have sqrt() method and variable a only. All other methods and variables are unavailable. Restricting the use of eval() by passing globals and locals dictionaries will make your code secure particularly when you are using input provided by the user to the eval() method.
This issue is caused by a stack overflow in the CPython compiler. An easy way to reproduce the same issue is
>>> code = compile("1" + "+1" * 1000000, "", "eval") Segmentation fault which proves that the segfault is happening at the compile stage, not during evaluation. (Of course this is also easy to confirm with gdb.)
[Side note: For smaller expressions, the compiler would apply constant folding here anyway, so the only thing happening during the execution of the code is to load the result:
>>> code = compile("1" + "+1" * 1000, "", "eval") >>> eval(code) 1001 >>> dis.dis(code) 1 0 LOAD_CONST 1000 (1001) 3 RETURN_VALUE End of side note.]
This issue is a known defect. The Python developers collected several ways to crash the Python interpreter in the directory Lib/test/crashers of the source distribution. The one corresponding to this issue is Lib/test/crashers/compiler_recursion.py.
162
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
