Message239167
Modules/_ctypes/cfield.c has this horror in it (twice):
    /* XXX What about invalid pointers ??? */
    if (*(void **)ptr) {
#if defined(MS_WIN32) && !defined(_WIN32_WCE)
        if (IsBadStringPtrA(*(char **)ptr, -1)) {
            PyErr_Format(PyExc_ValueError,
                         "invalid string pointer %p",
                         *(char **)ptr);
            return NULL;
        }
#endif
        return PyBytes_FromStringAndSize(*(char **)ptr,
                                         strlen(*(char **)ptr));
IsBadStringPtr should generally not be used, and the -1 parameter makes it even worse. See http://blogs.msdn.com/b/oldnewthing/archive/2006/09/27/773741.aspx for details, but the main reason is that if it is actually a bad pointer, we've just deferred the crash from the obvious location to somewhere that should "never" crash.
The strlen() call has exactly the same behaviour as IsBadStringPtrA except the crash will occur here.
A better alternative would be to use the safe strlen function to limit the maximum length of strings, but since we likely can't agree on a suitable maximum we should just stop trying to handle this case at all.

Date | User | Action | Args
2015-03-24 18:39:05 | steve.dower | set | recipients: + steve.dower, tim.golden, zach.ware
2015-03-24 18:39:05 | steve.dower | set | messageid: <1427222345.86.0.728447674961.issue23765@psf.upfronthosting.co.za>
2015-03-24 18:39:05 | steve.dower | link | issue23765 messages
2015-03-24 18:39:05 | steve.dower | create |
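
Added example (not part of the original message or of CPython): a sketch of the bounded-length alternative the message mentions, assuming a hypothetical cap MAX_FIELD_LEN and hypothetical helpers bounded_strlen and read_string_field. It bounds the scan for an unterminated string but, like strlen(), still faults at the point of use on an unmapped pointer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical cap; the message notes there is no agreed maximum. */
#define MAX_FIELD_LEN 4096

/* Status codes used by this example only. */
enum field_status { FIELD_OK = 0, FIELD_NULL = -1, FIELD_UNTERMINATED = -2 };

/*
 * Bounded replacement for strlen(): scan at most max bytes for the NUL
 * (the same job strnlen() does). This limits the read when a string is
 * not terminated; it does NOT validate the pointer. An unmapped address
 * still faults, and it faults here, at the obvious location.
 */
static enum field_status
bounded_strlen(const char *s, size_t max, size_t *len_out)
{
    const char *nul;

    if (s == NULL)
        return FIELD_NULL;
    nul = memchr(s, '\0', max);
    if (nul == NULL)
        return FIELD_UNTERMINATED;   /* no NUL within the cap */
    *len_out = (size_t)(nul - s);
    return FIELD_OK;
}

/* Mirrors the quoted getter: ptr points at a char* field. */
static enum field_status
read_string_field(const void *ptr, size_t *len_out)
{
    const char *s = *(const char *const *)ptr;
    return bounded_strlen(s, MAX_FIELD_LEN, len_out);
}

int main(void)
{
    const char *field = "hello";     /* constructed sample input */
    size_t len = 0;

    if (read_string_field(&field, &len) == FIELD_OK)
        printf("length %zu\n", len);
    return 0;
}
```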