Infinite recursion with ast module - ebranca/owasp-pysec GitHub Wiki

Classification

  • Affected Components : builtin, ast

  • Operating System : Linux

  • Python Versions : 2.6.x, 2.7.x, 3.1.x, 3.2.x

  • Reproducible : Yes

Source code

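import ast

# Build a "not <operand>" node, then make the node its own operand,
# so the tree contains a cycle.
e = ast.UnaryOp(op=ast.Not(), lineno=0, col_offset=0)
e.operand = e

# Compiling the cyclic tree recurses without bound and crashes the interpreter.
compile(ast.Expression(e), "<test>", "eval")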

Steps to Produce/Reproduce

To reproduce the problem, copy the source code into a file and execute the script using the following command syntax:

$ python -OOBRtt test.py

Alternatively you can open python in interactive mode:

$ python -OOBRtt <press enter>

Then copy the lines of code into the interpreter.

Description

The sample source code uses the ast module and generates an error in the core libraries that leads to an interpreter crash or segmentation fault.

python -OOBRtt 'test.py' 
Segmentation fault

The test code generates an infinite recursion, a condition that Python does not handle, and as a consequence the interpreter crashes.

Python does not have cycle detection code or a system to add recursion limits dynamically based on the system resources.

Workaround

We are not aware of any easy solution other than trying to avoid using 'ast' in cases like the one examined.

Secure Implementation

WORK IN PROGRESS
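
One way to supply the missing cycle detection before a tree reaches compile(), as an added example (not code from this wiki or from CPython): it walks the tree with an explicit stack, rejects any node that is its own ancestor, and caps the depth. The names check_ast, safe_compile, UnsafeASTError and cyclic_tree, and the default limit of 200 levels, are assumptions of this example.

```python
import ast

class UnsafeASTError(ValueError):
    """The tree contains a cycle or is deeper than the allowed limit."""

def check_ast(root, max_depth=200):
    """Reject cyclic or overly deep trees before they reach compile().

    The walk uses an explicit stack instead of recursion, so the check
    itself cannot exhaust the C stack on hostile input.
    """
    on_path = set()             # id() of every ancestor of the current node
    stack = [(root, 1, False)]  # (node, depth, leaving-marker)
    while stack:
        node, depth, leaving = stack.pop()
        if leaving:             # all descendants visited: drop from path
            on_path.discard(id(node))
            continue
        if id(node) in on_path:
            raise UnsafeASTError("cycle through %s node" % type(node).__name__)
        if depth > max_depth:
            raise UnsafeASTError("tree deeper than %d levels" % max_depth)
        on_path.add(id(node))
        stack.append((node, depth, True))
        for child in ast.iter_child_nodes(node):
            stack.append((child, depth + 1, False))
    return root

def safe_compile(tree, filename="<ast>", mode="eval"):
    """compile() a tree only after it passes check_ast()."""
    return compile(check_ast(tree), filename, mode)

def cyclic_tree():
    """Constructed sample: the self-referencing UnaryOp from this page."""
    e = ast.UnaryOp(op=ast.Not(), operand=None, lineno=0, col_offset=0)
    e.operand = e
    return ast.Expression(e)

if __name__ == "__main__":
    try:
        safe_compile(cyclic_tree(), "<test>", "eval")
    except UnsafeASTError as exc:
        print("rejected: %s" % exc)
```

Only ancestors on the current path are tracked, so a node that is legitimately shared between sibling subtrees is still accepted.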

References

Python ast module: https://docs.python.org/2/library/ast.html

Python compiler: https://docs.python.org/2/library/compiler.html

Python bug 11105: http://bugs.python.org/issue11105
