[issue24917] time_strftime() Buffer Over-read
Larry Hastings
report at bugs.python.org
Sun Sep 6 06:49:19 CEST 2015
Larry Hastings added the comment:
The tests from this patch fail on Linux.
-----
First: There is no trailing % test on Linux, and glibc's strftime() happily ignores a trailing %, so no ValueError is raised.
Python should do either one or the other of the following:
1) Python should enforce no trailing % in the strftime format string,
or
2) the test suite shouldn't assume that a trailing % in the strftime value string raises a ValueError.
I can live with either of these, not sure what the right decision is.
-----
Second: The test from the patch assumes that strftime('%#') will raise a ValueError. Again, strftime in Linux glibc happily accepts "%#" as a format string and thus no ValueError is raised.
Python is agnostic about native format units in the strftime() format string. Therefore I strongly assert that Python must not assume that "%#" is an illegal format string. Therefore the tests must not assume that "%#" raises ValueError.
Given that the code used to crash, I do want the code path exercised in the test suite. So I propose that the test attempt time.strftime('%#') and accept either success or ValueError.
-----
Given that I've accepted this patch into 3.5.0, and it's now blocking my release, it is implicitly a "release blocker". I need to resolve this tonight before I can tag 3.5.0rc3. I'm going to dinner, and maybe we can have a quick discussion and come to a decision in the next hour or two.
p.s. The checkin also flunked PEP 7. *sigh*
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue24917>
_______________________________________
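
A sketch of the platform-tolerant check proposed in the message above, as an added example that is not part of the original message or of the CPython patch: each format is run through `time.strftime()` and either success or `ValueError` is accepted, while any other exception counts as a failure. The helper names, the extra format strings beyond `%` and `%#`, and the fixed sample time are assumptions made for illustration.

```python
import time

# Format strings that end mid-directive. The trailing "%" and "%#" cases come
# from the message above; the others are constructed variations.
EDGE_FORMATS = ["%", "%#", "abc%", "%Y%", "%Y-%m-%d %#"]

# Fixed struct_time (constructed) so results do not depend on the clock.
SAMPLE_TIME = time.struct_time((2015, 9, 6, 6, 49, 19, 6, 249, 0))


def strftime_outcome(fmt, when=SAMPLE_TIME):
    """Exercise time.strftime() and classify the result.

    Returns "ok" if the call succeeded, "ValueError" if Python or the
    platform rejected the format. Any other exception propagates so the
    caller sees it as a failure.
    """
    try:
        result = time.strftime(fmt, when)
    except ValueError:
        return "ValueError"
    # A successful call must hand back a str, never bytes or None.
    if not isinstance(result, str):
        raise AssertionError(f"unexpected result type for {fmt!r}: {type(result)}")
    return "ok"


def check_edge_formats(formats=EDGE_FORMATS):
    """Map each edge-case format to its outcome on this platform."""
    return {fmt: strftime_outcome(fmt) for fmt in formats}


if __name__ == "__main__":
    for fmt, outcome in check_edge_formats().items():
        print(f"{fmt!r:>16} -> {outcome}")
```

Running the same formats under a memory-checking build (for example AddressSanitizer) is what would surface an over-read that does not crash outright.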