[issue1950] Potential overflows due to incorrect usage of PyUnicode_AsString.
Alexandre Vassalotti
report at bugs.python.org
Sat May 3 19:58:35 CEST 2008
Alexandre Vassalotti <alexandre at peadrop.com> added the comment:
Marc-Andre Lemburg wrote:
[SNIP]
> The above cast needs to be (Py_ssize_t). size_t is an unsigned length
type.
Actually, the cast is right (even though it is not strictly necessary).
It just the patch that is confusing. Here is the relevant code:
/* Normal module, so work out the package name if any */
char *start = PyUnicode_AsString(modname);
char *lastdot = strrchr(start, '.');
size_t len;
int error;
/* snip */
len = (size_t)(lastdot - start);
if (len >= MAXPATHLEN) {
PyErr_SetString(PyExc_ValueError,
"Module name too long");
return NULL;
}
I removed the cast from the patch (I don't know why I added it, anyway)
to avoid further confusion.
__________________________________
Tracker <report at bugs.python.org>
<http://bugs.python.org/issue1950>
__________________________________
More information about the Python-bugs-list
mailing list