>>> code = '()' * 1000000 >>> ast.literal_eval(code) [1] 3061 segmentation fault (core dumped) python2
or possibly smaller will crash with SIGSEGV in Python 2. It might be exploitable under some conditions. This particular bug has got some mitigations in Python 3, but bugs may still exist in the AST parser, as evidenced by a crash that user caot found out is happening in Red Hat 9 with 3.9.18:
$ python Python 3.9.18 (main, Jan 24 2024, 00:00:00) [GCC 11.4.1 20231218 (Red Hat 11.4.1-3)] on linux Type "help", "copyright", "credits" or "license" for more information. >>> import ast >>> code = '()' * 100 >>> ast.literal_eval(code) Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/lib64/python3.9/ast.py", line 105, in literal_eval return _convert(node_or_string) File "/usr/lib64/python3.9/ast.py", line 104, in _convert return _convert_signed_num(node) File "/usr/lib64/python3.9/ast.py", line 78, in _convert_signed_num return _convert_num(node) File "/usr/lib64/python3.9/ast.py", line 69, in _convert_num _raise_malformed_node(node) File "/usr/lib64/python3.9/ast.py", line 66, in _raise_malformed_node raise ValueError(f'malformed node or string: {node!r}') ValueError: malformed node or string: <ast.Call object at 0x7f882ad96fa0> >>> code = '()' * 1000000 >>> ast.literal_eval(code) Segmentation fault (core dumped)