[issue2587] PyString_FromStringAndSize() to be considered unsafe

Justin Ferguson report at bugs.python.org
Thu Apr 10 20:41:36 CEST 2008


Justin Ferguson <justin.ferguson at ioactive.com> added the comment:

The use of signed integers in Python is (imho) the single largest threat
to the security of the interpreter. I'm probably preaching to the choir
there though. 

I really dislike having to return values and indicate error in the return
value, it's really unclean and causes weirdness, for instance if you
follow PyArg_ParseTuple() down and you have an integer (or maybe it was
long?) argument, you can't actually get a value of -1 because one of the
string->int conversion routines uses that to indicate failure. The check
wrapped around it was something along the lines of:

if (-1 == retval && PyErr_Occurred())

In turn down the line somewhere (I didn't follow the code path), this
value got converted to 1, so for instance doing
__import__('zlib').decompressobj().flush(-1) wouldn't trigger that bug,
it would flush 1 byte, not UINT_MAX as I had expected.

__________________________________
Tracker <report at bugs.python.org>
<http://bugs.python.org/issue2587>
__________________________________
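
The in-band -1 sentinel and the signed-to-unsigned length conversion discussed in the message above, as an added example that is not part of the original message and is not CPython code. The names err_set, parse_strict, parse_long_inband, parse_long_checked, length_unchecked and length_checked are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for an interpreter-wide "error occurred" flag. */
static int err_set = 0;

/* Shared strict parser: 0 on success, -1 on empty, trailing junk or overflow. */
static int parse_strict(const char *s, long *out) {
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE)
        return -1;
    *out = v;
    return 0;
}

/* In-band style: -1 is both a legal value and the failure marker, so the
 * caller must also consult err_set (the "-1 == retval && error" check). */
long parse_long_inband(const char *s) {
    long v;
    if (parse_strict(s, &v) != 0) {
        err_set = 1;
        return -1;
    }
    return v;
}

/* Out-of-band style: status is the return value, result goes through out. */
int parse_long_checked(const char *s, long *out) {
    return parse_strict(s, out);
}

/* Unchecked signed-to-unsigned conversion: -1 becomes SIZE_MAX. */
size_t length_unchecked(long n) { return (size_t)n; }

/* Guarded conversion: refuse negative lengths before they turn unsigned. */
int length_checked(long n, size_t *out) {
    if (n < 0) return -1;
    *out = (size_t)n;
    return 0;
}

int main(void) {
    printf("-1 as size_t == SIZE_MAX: %d\n", length_unchecked(-1) == SIZE_MAX);
}
```

A caller that looks only at the return value of parse_long_inband() sees the same -1 for the input "-1" and for the input "abc"; only the separate flag tells them apart.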

