[Zope-dev] Re: Strange "Bug" in Scripts (Python) and Python code ...
Evan Simpson
evan@4-am.com
Tue, 22 Oct 2002 16:41:39 -0500
Joachim Werner wrote:
> These few lines brought the Zope server (and the Browser I used for testing)
> to a halt:
>
> html = ''
> for letter in 'ABCDEFGHIJKLMNOPQRSTUVWXYZ':
>     html += '|'.join([html, letter])
> return html
This computes a string O(2^26) in length. Scripts make very little
attempt to prevent excessive consumption of memory or CPU, since the
only sure way to do this is to have hard OS-level limits on a per-thread
basis, plus the ability to cleanly shut down a thread that violated the
limits.
If someone maliciously writes a Script to take down your Zope, you can
revoke their login (unless you allow Anonymous to edit Scripts :-P). It
would be nice to have more protection against code such as your example that
accidentally spins out of control, but your example also demonstrates
just how hard this is to do. The interpreter would have to check the
size of every object it constructed, at every step, in order to catch
this case. This could easily drag performance down by an order of
magnitude.
Cheers,
Evan @ 4-am
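
Added example (not part of the original message and not Zope code): the quoted loop run in a child process under hard OS limits, with the string length it would reach computed from the recurrence. It assumes a Unix host and Python 3, and it substitutes per-process rlimits for the per-thread limits the reply describes; `run_limited`, `expected_length` and the exit code 42 are names chosen for this sketch.

```python
import resource
import subprocess
import sys

MIB = 1024 * 1024

# The loop quoted above, wrapped in a function so `return` is legal outside Zope.
RUNAWAY = """
def script():
    html = ''
    for letter in 'ABCDEFGHIJKLMNOPQRSTUVWXYZ':
        html += '|'.join([html, letter])
    return html
"""

def expected_length(iterations):
    # Each pass appends html + '|' + letter: L(n) = 2*L(n-1) + 2 with L(0) = 0.
    return 2 ** (iterations + 1) - 2

def run_limited(source, mem_bytes, cpu_seconds=10):
    """Run source's script() in a child process under hard rlimits."""
    def set_limits():  # executed in the child between fork() and exec()
        resource.setrlimit(resource.RLIMIT_AS, (mem_bytes, mem_bytes))
        resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds))

    wrapper = source + (
        "\nimport sys\n"
        "try:\n"
        "    n = len(script())\n"
        "except MemoryError:\n"   # the allocation was refused by RLIMIT_AS
        "    sys.exit(42)\n"
        "print(n)\n"
    )
    proc = subprocess.run([sys.executable, "-c", wrapper], preexec_fn=set_limits,
                          capture_output=True, text=True, timeout=cpu_seconds + 5)
    if proc.returncode == 42:
        return ("memory-limit", None)
    if proc.returncode != 0:
        return ("killed", None)  # e.g. signalled after exceeding RLIMIT_CPU
    return ("ok", int(proc.stdout))

if __name__ == "__main__":
    print("26 letters ->", expected_length(26), "characters")
    print(run_limited(RUNAWAY, 160 * MIB))
    short = RUNAWAY.replace("ABCDEFGHIJKLMNOPQRSTUVWXYZ", "ABCDEFGHIJ")
    print(run_limited(short, 160 * MIB))
```

The parent process survives either outcome because the limit is enforced on the child's address space, so the failed allocation surfaces there as a MemoryError instead of exhausting the host.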