Ned Deily <n...@python.org> added the comment:

> I agree that it is very small, but I still think it is indeed a security 
> issue, because it can crash real world program when called by some library 
> used in Deep Learning ASR project. 

That sounds like a programming error, not a security bug.  The case you 
describe causes a Python exception to be raised.  As noted in the Python 
Language Reference: "Exceptions are a means of breaking out of the normal flow 
of control of a code block in order to handle errors or other exceptional 
conditions."  Any program using Python libraries needs to be prepared to handle 
a wide variety of exceptions, particularly if the program is dealing with 
external data, like an arbitrary audio file.  If a program is failing because 
it fails to properly check for exceptions, like by using a "try" block, that's 
a bug in the program, not a security problem in Python.

> Does a CVE assigned have any negative impact on you?

Yes, because it implies that there is some security problem in Python that 
downstream vendors and users need to be concerned about and should expect some 
fix or other mediation from the responsible project.  That is not the case here.

Now, as Serhiy noted, it might be nice if the exception produced a more 
meaningful message but changing that would not change the end result for a 
program: it will still see an exception and either need to handle it or be 
terminated like with any other Python exception.

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue32056>
_______________________________________
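
The handling pattern the comment above calls for, as an added example that is not part of the original message or of CPython. It assumes the standard-library `wave` module as the audio parser (the message does not name one); `make_wav` and `probe_audio` are hypothetical helper names, and all byte strings are constructed samples.

```python
import io
import struct
import wave


def make_wav(nchannels, sampwidth=2, framerate=8000, frames=b"\x00\x00" * 4):
    """Build a small RIFF/WAVE byte string (constructed sample input)."""
    fmt = struct.pack("<HHLLHH", 1, nchannels, framerate,
                      framerate * nchannels * sampwidth,
                      nchannels * sampwidth, sampwidth * 8)
    body = b"WAVE" + b"fmt " + struct.pack("<L", len(fmt)) + fmt
    body += b"data" + struct.pack("<L", len(frames)) + frames
    return b"RIFF" + struct.pack("<L", len(body)) + body


# Exceptions a parser may raise on malformed input. ArithmeticError covers
# ZeroDivisionError, which a header field of zero can trigger in a parser
# that divides by it without validating first.
PARSE_ERRORS = (wave.Error, EOFError, ArithmeticError, struct.error, ValueError)


def probe_audio(data):
    """Return (ok, info) for untrusted bytes; a parse error never escapes."""
    try:
        with wave.open(io.BytesIO(data), "rb") as w:
            return True, {"channels": w.getnchannels(),
                          "frames": w.getnframes()}
    except PARSE_ERRORS as exc:
        # Reject the file and keep the service running; the caller decides
        # whether to log, quarantine, or report the input.
        return False, f"{type(exc).__name__}: {exc}"


if __name__ == "__main__":
    samples = {
        "valid mono": make_wav(1),
        "zero channels": make_wav(0),        # malformed header field
        "truncated": make_wav(1)[:20],       # cut off inside the fmt chunk
        "not audio": b"not audio",           # wrong magic bytes
    }
    for name, blob in samples.items():
        print(name, "->", probe_audio(blob))
```
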