[ python-Bugs-847019 ] datetime.datetime initialization needs more
strict checking
SourceForge.net
noreply at sourceforge.net
Mon Nov 24 18:50:17 EST 2003
Bugs item #847019, was opened at 2003-11-21 21:19
Message generated for change (Comment added) made by tim_one
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=847019&group_id=5470
Category: Python Library
Group: Python 2.3
Status: Open
Resolution: None
Priority: 7
Submitted By: Michael Dubner (dubnerm)
Assigned to: Guido van Rossum (gvanrossum)
Summary: datetime.datetime initialization needs more strict checking
Initial Comment:
Friend of mine wrote following program:
---------------------------------
import datetime
t=datetime.datetime('1995-03-25')
print t.ctime()
---------------------------------
This is obviously wrong code, but instead of reporting
this at second line python crashes on third line (with
ctime).
Info:
Using Python 2.3.2 on Windows 2000
----------------------------------------------------------------------
>Comment By: Tim Peters (tim_one)
Date: 2003-11-24 18:50
Message:
Logged In: YES
user_id=31435
Na, it's not that simple. Blazing-fast pickling and unpickling
was a design goal for datetime. "Sanity checks" require two-
tailed comparisons on 7 distinct fields, and checking of the
day field requires month-specific comparison, and may even
require determing whether it's a leap year. Doing all that
would make sucking datetimes out of pickles enormously
slower than it is now (it's merely a 10-byte string copy now).
If we were willing to do all the checks we do on things coming
through the front door, we wouldn't call it a back door <wink>.
OTOH, we shouldn't allow a hostile user the ability to crash
the system via constructing a damaged datetime pickle
either, so maybe the whole "fast back door" idea is impossible
to rehabilitate.
----------------------------------------------------------------------
Comment By: Michael Dubner (dubnerm)
Date: 2003-11-23 20:36
Message:
Logged In: YES
user_id=39274
Of cause i've seen that backdoor, but from my point of view
constructor is not so time-critical that insertion of sanity
chechs will slow down in most (sane) scenarios.
----------------------------------------------------------------------
Comment By: Tim Peters (tim_one)
Date: 2003-11-21 22:16
Message:
Logged In: YES
user_id=31435
LOL! Assigned to Guido for his amusement. One string
argument of exactly size 10 triggers the "secret" backdoor to
construct a datetime.datetime from a pickle. The datetime
constructed here is insane, and provokes Microsoft's library
into crashing. In a debug build, it triggers an assertion error
in the datetime module:
>>> import datetime
[16122 refs]
>>> datetime.datetime('1995-03-25')
datetime.datetime(12601, 57, 53, 45, 48, 51, 2961973)
[16124 refs]
>>> _.ctime()
Assertion failed: month <= 12, file
C:\Code\python\Modules\datetimemodule.c, line 189
Boosted priority since it's a way to crash the interpreter on
Windows.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=847019&group_id=5470
More information about the Python-bugs-list
mailing list