[issue2587] PyString_FromStringAndSize() to be considered unsafe
Alexander Belopolsky
report at bugs.python.org
Wed Apr 9 17:04:23 CEST 2008
Alexander Belopolsky <belopolsky at users.sourceforge.net> added the comment:
I agree that PySSL_SSLread should check that its argument is >= 0. I
don't think this check belongs to PyString_FromStringAndSize. It
should be the responsibility of the caller to verify that the
precondition size >= 0 is satisfied before calling
PyString_FromStringAndSize. Oftentimes the caller can ascertain size >=
0 without an explicit check, for example, if size is the size of a
buffer or length of a valid string object.

On the other hand, an external input such as the len argument to the
read function should be checked before used.

I would also suggest changing the len type from int to Py_ssize_t.

I agree with Amaury that assert(size>=0) is sufficient in
PyString_FromStringAndSize(), but its documentation should emphasize
that the caller is responsible for assuring that the requested length is
nonnegative.

I don't think the upper bound check is necessary: sizeof(PyStringObject)
+ size will not wrap around as long as size >= 0.
----------
nosy: +belopolsky
__________________________________
Tracker <report at bugs.python.org>
<http://bugs.python.org/issue2587>
__________________________________
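
The division of responsibility discussed in the message above, as an added C example that is not part of the original post and is not CPython code: a callee that only asserts size >= 0, a caller that checks an externally supplied length, and the header-plus-size arithmetic for both signs of size. HEADER_SIZE, request_bytes, request_wraps, string_alloc and read_buffer_new are hypothetical names, and ptrdiff_t stands in for Py_ssize_t.

```c
/* Added illustration: names are hypothetical stand-ins, not CPython code. */
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed stand-in for sizeof(PyStringObject). */
#define HEADER_SIZE ((size_t)32)

/* Bytes the allocator would be asked for: header + size, computed unsigned. */
size_t request_bytes(ptrdiff_t size)
{
    return HEADER_SIZE + (size_t)size;
}

/* 1 when the unsigned sum wrapped and is smaller than the header alone. */
int request_wraps(ptrdiff_t size)
{
    return request_bytes(size) < HEADER_SIZE;
}

/* Callee: the precondition is asserted, so release builds trust the caller. */
void *string_alloc(ptrdiff_t size)
{
    assert(size >= 0);
    return calloc(1, request_bytes(size));
}

/* Caller fed by external input (like the read function's len argument):
   it rejects a negative length before the callee is reached. */
void *read_buffer_new(ptrdiff_t len)
{
    if (len < 0)
        return NULL;
    return string_alloc(len);
}

int main(void)
{
    printf("size=0           wraps=%d\n", request_wraps(0));
    printf("size=PTRDIFF_MAX wraps=%d\n", request_wraps(PTRDIFF_MAX));
    printf("size=-1          wraps=%d request=%zu\n",
           request_wraps(-1), request_bytes(-1));
    void *p = read_buffer_new(-1);
    printf("read_buffer_new(-1) -> %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```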