This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author baikie
Recipients baikie, brett.cannon, christian.heimes, ncoghlan, neologix, pitrou, python-dev
Date 2013-12-15.23:12:41
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <20131215231236.GA4998@dbwatson.uk7.net>
In-reply-to <1386953753.48.0.823018115928.issue12837@psf.upfronthosting.co.za>
Content
On Fri 13 Dec 2013, Brett Cannon wrote:
> Two things. First, I'm sorry David but my mind is not working fully enough at the moment to see how msg_controllen is compared to cmsg_len_end without relying on external value coming in through the parameters of the function.

The lines (in the existing code)

    if (space < cmsg_len_end)
        space = cmsg_len_end;

ensure that space >= cmsg_len_end, and then we have

    return (cmsg_offset <= (size_t)-1 - space &&
            cmsg_offset + space <= msg->msg_controllen);

so that 0 is returned if msg->msg_controllen < (cmsg_offset +
space), but since cmsg_offset is nonnegative and cmsg_len_end <=
space, we always have cmsg_len_end <= (cmsg_offset + space).
Hence if we get to this last line and msg->msg_controllen <
cmsg_len_end, then msg->msg_controllen < (cmsg_offset + space),
and so the function returns 0.

(So returning 0 immediately if msg->msg_controllen < cmsg_len_end
doesn't change the behaviour of the function, provided this
comparison is done correctly.)
History
Date User Action Args
2013-12-15 23:12:42baikiesetrecipients: + baikie, brett.cannon, ncoghlan, pitrou, christian.heimes, neologix, python-dev
2013-12-15 23:12:41baikielinkissue12837 messages
2013-12-15 23:12:41baikiecreate