Author Oren Milman
Recipients Oren Milman
Date 2016-10-01.15:05:54
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1475334370.1.0.257280912764.issue28332@psf.upfronthosting.co.za>
In-reply-to
Content
------------ current state ------------
Due to the implementation of socket_htons (in Modules/socketmodule.c), in case the received integer does not fit in 16-bit unsigned integer, but does fit in a positive C int, it is silently truncated to 16-bit unsigned integer (before converting to network byte order):
>>> import socket
>>> hex(socket.htons(0x1234))
'0x3412'
>>> hex(socket.htons(0x81234))
'0x3412'
>>> hex(socket.htons(0x881234))
'0x3412'
>>> hex(socket.htons(0x8881234))
'0x3412'
>>> hex(socket.htons(0x88881234))
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
OverflowError: Python int too large to convert to C long
>>>

Likewise, socket.ntohs has the same silent truncation feature, due to the implementation of socket_ntohs.

ISTM this silent truncation feature has the potential to conceal nasty bugs, and I guess it is rarely used in purpose.

With regard to relevant changes made in the past:
    * The silent truncation was there since the two functions were first added, in changeset 3673 (https://hg.python.org/cpython/rev/f6ace61c3dfe).
    * A check whether the received integer is negative was added (to each of the two functions) in changeset 40632 (https://hg.python.org/cpython/rev/6efe3a4b10ac), as part of #1635058.
    Note the lack of discussion in #1635058 and #1619659 about backward compatibility. It might suggest that Guido didn't hesitate to make the change, even though at the time, the four conversion functions (socket.htons, socket.ntohs, socket.htonl and socket.ntohl) were already in the wild for 10 years.


------------ proposed changes ------------
    1. In Modules/socketmodule.c, raise a DeprecationWarning before silently truncating the received integer. In Python 3.8, replace the DeprecationWarning with an OverflowError.

    2. In Lib/test/test_socket.py, add tests to verify a DeprecationWarning is raised as expected.

    3. In Doc/library/socket.rst, add a description of the silent truncation feature, and declare it is deprecated.


------------ diff ------------
The proposed patches diff file is attached.

(I wasn't sure you would approve deprecating a feature that was in the wild for so long, but I implemented it anyway, as it was quite simple.)


------------ tests ------------
I ran 'python_d.exe -m test -j3' (on my 64-bit Windows 10) with and without the patches, and got quite the same output. (That also means my new tests in test_socket passed.)
The outputs of both runs are attached.
History
Date User Action Args
2016-10-01 15:06:10Oren Milmansetrecipients: + Oren Milman
2016-10-01 15:06:10Oren Milmansetmessageid: <1475334370.1.0.257280912764.issue28332@psf.upfronthosting.co.za>
2016-10-01 15:06:10Oren Milmanlinkissue28332 messages
2016-10-01 15:06:07Oren Milmancreate