On Thu, Jun 27, 2013 at 12:07 AM, Victor Stinner <victor.stinner@gmail.com> wrote:

I would to parse an integer in [0; UINT_MAX] to fix the zlib module on
64-bit system:
http://bugs.python.org/issue18294

How should I implement that? Use "O" format and then use
PyLong_Check(), PyLong_AsLong(), and check value <= UINT_MAX?

I ran into the same problem in the _lzma module. My solution was to define a custom converter that does an explicit check before returning the value (see http://hg.python.org/cpython/file/default/Modules/_lzmamodule.c#l134).

On Thu, Jun 27, 2013 at 12:26 AM, Guido van Rossum <guido@python.org> wrote:

> I would to parse an integer in [0; UINT_MAX] to fix the zlib module on

> 64-bit system:
> http://bugs.python.org/issue18294
>
> How should I implement that? Use "O" format and then use
> PyLong_Check(), PyLong_AsLong(), and check value <= UINT_MAX?

Why can't you use the K format? It won't reject out-of-range values,
but it will convert them to in-range so there aren't any attacks
possible based on bypassing the range check. I'm probably
misunderstanding something -- I don't completely understand that bug
report. :-(

The point is not to protect against deliberate attacks, but rather to fail loudly (instead of silently) when the caller provides an input that the underlying C library cannot handle.

- Nadeem