Recursion Memory errors - ebranca/owasp-pysec GitHub Wiki

Classification

• Affected Components : builtin

• Operating System : Linux

• Python Versions : 2.6.x, 2.7.x, 3.1.x, 3.2.x

• Reproducible : Yes

Source code

import sys

((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((
((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((
1
))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

sys.exit(0)

Steps to Produce/Reproduce

To reproduce the problem copy the source code in a file and execute the script using the following command syntax:

$ python -OOBRtt test.py

Alternatively you can open python in interactive mode:

$ python -OOBRtt <press enter>

Then copy the lines of code into the interpreter.

Description

Script execution generates a memory error like in the two following cases:

Example 1

s_push: parser stack overflow
MemoryError

Example 2

python -OOBRtt test.py
s_push: parser stack overflow MemoryError

Python has internal recursion limits but is lacking controls on code recursion and there is no logic to evaluate system parameters and capabilities to scale the limit dynamically.

As a consequence the interpreter generates a MemoryError where in fact is a recursion error but the deep call stack of the recursion would require an instantiation of each object and this generates the memory related error.

Workaround

We are not aware on any easy solution other than trying to avoid deep recursion calls like in cases as the one examined.

Secure Implementation

WORK IN PROGRESS

References

[Python sys module][01] [01]:https://docs.python.org/2/library/sys.html