This is a complicated question and hard to answer in a general way. When protobuf-Python is compiled to use the C++ protobuf library, it will use C++ for all parsing. So all of the same protections against parsing untrusted input would apply.
When you are using the pure-Python protobuf implementation, I don't believe the same resource limits are enforced (for example, maximum size or maximum message depth). However, since the parsing code is pure-Python in this case, it shouldn't generally be possible to SEGV the program just by sending unexpected input. On Friday, July 8, 2016 at 9:34:23 AM UTC-7, Oi Lee wrote: > > Hello, > I saw this post Are protocol buffers hardened? > <https://groups.google.com/forum/#!searchin/protobuf/security/protobuf/DwyPEnvFJ-o/0akRpO15zWsJ>, > > but I noticed the response only mentioned safeguards for C++ and Java. May > we assume that these safeguards are in place for other languages like > Python, etc? > > Thank you for your assistance. > > -- You received this message because you are subscribed to the Google Groups "Protocol Buffers" group. To unsubscribe from this group and stop receiving emails from it, send an email to protobuf+unsubscr...@googlegroups.com. To post to this group, send email to protobuf@googlegroups.com. Visit this group at https://groups.google.com/group/protobuf. For more options, visit https://groups.google.com/d/optout.