[issue24802] int and float constructing from non NUL-terminated buffer
Serhiy Storchaka
report at bugs.python.org
Wed Nov 4 08:55:12 EST 2015
Serhiy Storchaka added the comment:
I prefer to merge issue24802 and issue24803 and discuss them at one place.
Here is merged and revised patch.
The patch is changed. There is a very rare corner case: when the type of argument is a subclass of bytes or bytearray with overloaded tp_as_buffer->bf_getbuffer, returned view can be not NUL terminated. To avoid ambiguity and for unifying with int constructor, I have added special cases for bytes and bytearray (this is also restores pre-issue22896 behavior for int(bytes, base)).
Tests are moved and added additional tests for memoryview slices.
>>> int(memoryview(b'123')[1:3])
23
>>> int(memoryview(b'123\x00')[1:3])
23
>>> int(memoryview(b'123 ')[1:3])
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
ValueError: invalid literal for int() with base 10: b'23'
>>> int(memoryview(b'123A')[1:3])
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
ValueError: invalid literal for int() with base 10: b'23'
>>> int(memoryview(b'1234')[1:3])
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
ValueError: invalid literal for int() with base 10: b'23'
>>> float(memoryview(b'12.3')[1:4])
2.3
>>> float(memoryview(b'12.3\x00')[1:4])
2.3
>>> float(memoryview(b'12.3 ')[1:4])
2.3
>>> float(memoryview(b'12.3A')[1:4])
2.3
>>> float(memoryview(b'12.34')[1:4])
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
ValueError: could not convert string to float: <memory at 0xb6fee02c>
There is similar dangerously looking code for complex. But it is never executed, because complex accepts only one non-numeric type: str. The patch removes this misleading dead code.
----------
title: PyFloat_FromString Buffer Over-read -> int and float constructing from non NUL-terminated buffer
Added file: http://bugs.python.org/file40940/int_float_from_buffer.patch
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue24802>
_______________________________________
More information about the Python-bugs-list
mailing list