If you pass a dictionary with a circular reference into any API call, the namespace layer performs a "deep" copy without checking for circular references, and eventually overflows.
Here is an example exploit:
d = {"test":123}
d["ref"] = d
sleep(d)
This is especially problematic for the virtual namespace, where this is something that is very plausible, and likely to occur.
Author: jsamuel
Fixed in r3247 (and some cleanup and frozenset changes in r3248). I don't believe there were any security concerns as untrusted programs can cause a stack overflow directly, if desired.
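The failure in the report and a cycle-aware copy, as an added example: this is not the namespace layer's code or the change made in r3247, and the names `naive_copy`, `safe_copy` and `naive_overflows` are hypothetical. It uses the dictionary from the report as input.

```python
def naive_copy(obj):
    """Deep copy with no cycle check (the behaviour the report describes)."""
    if isinstance(obj, dict):
        return {naive_copy(k): naive_copy(v) for k, v in obj.items()}
    if isinstance(obj, (list, tuple, set, frozenset)):
        return type(obj)(naive_copy(x) for x in obj)
    return obj


def safe_copy(obj, memo=None):
    """Deep copy that records each mutable container by id() before
    descending into it, so a reference back to it reuses the copy."""
    if memo is None:
        memo = {}
    if id(obj) in memo:
        return memo[id(obj)]
    if isinstance(obj, dict):
        new = memo[id(obj)] = {}
        for k, v in obj.items():
            new[safe_copy(k, memo)] = safe_copy(v, memo)
        return new
    if isinstance(obj, list):
        new = memo[id(obj)] = []
        new.extend(safe_copy(x, memo) for x in obj)
        return new
    if isinstance(obj, (tuple, set, frozenset)):
        # A cycle through these must pass through a dict or list,
        # which is already in memo, so plain recursion terminates.
        return type(obj)(safe_copy(x, memo) for x in obj)
    return obj


def naive_overflows(obj):
    """Return True if the unchecked copy exhausts the recursion limit."""
    try:
        naive_copy(obj)
    except RecursionError:
        return True
    return False


if __name__ == "__main__":
    d = {"test": 123}      # the dictionary from the report
    d["ref"] = d
    print("naive copy overflows:", naive_overflows(d))
    c = safe_copy(d)
    print("cycle preserved in copy:", c["ref"] is c and c is not d)
```

The memo only stops cycles; a very deeply nested but acyclic argument can still exhaust the recursion limit, so a depth cap is a separate check.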