[issue23055] PyUnicode_FromFormatV crasher
Guido Vranken
report at bugs.python.org
Tue Dec 16 01:25:11 CET 2014
Guido Vranken added the comment:
Serhiy Storchaka: good call on changing my 'n += (width + precision) < 20 ? 20 : (width + precision);' into 'if (width < precision) width = precision;', I didn't realize that sprintf's space requirement entails using the largest of the two instead of adding the two together.
I noticed the apparently pointless width calculation in 'step 1' but decided not to touch it -- good that it's removed now though.
I will start doing more debugging based on this new patch now to ensure that the bug is gone now.
On a more design-related note, for the sake of readability and stability, I'd personally opt for implementing toned-down custom sprintf-like function that does exactly what it needs to do and nothing more, since a function like this one requires perfect alignment with the underlying sprintf() in terms of functionality, at the possible expense of stability and integrity issues like we see here. For instance, width and precision are currently overflowable, resulting in either a minus sign appearing in the resulant format string given to sprintf() (width and precision are signed integers), or completely overflowing it (ie. (uint64_t)18446744073709551617 == 1 ). Considering the latter example, how do we know sprintf uses the same logic?
Guido
----------
nosy: +Guido
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue23055>
_______________________________________
More information about the Python-bugs-list
mailing list