Author jnferguson
Recipients amaury.forgeotdarc, belopolsky, chmod007, gregory.p.smith, gvanrossum, jnferguson
Date 2008-04-10.18:41:33
SpamBayes Score 0.066306
Marked as misclassified No
Message-id <1207852896.06.0.0287350263255.issue2587@psf.upfronthosting.co.za>
In-reply-to
Content
The use of signed integers in Python is (imho) the single largest threat
to the security of the interpreter. I'm probably preaching to the choir
there though. 

I really dislike have to return values and indicate error in the return
value, its really unclean and causes weirdness, for instance if you
follow PyArg_ParseTuple() down and you have an integer (or maybe it was
long?) argument, you can't actually get a value of -1 because one of the
string->int conversion routines uses that to indicate failure. The check
wrapped around it was something along the lines of:

if (-1 == retval && PyErr_Occurred())

In turn down the line somewhere (I didn't follow the code path), this
value got converted to 1, so for instance doing
__import__('zlib').decompressobj().flush(-1) wouldn't trigger that bug,
it would flush 1 byte, not UINT_MAX as I had expected
History
Date User Action Args
2008-04-10 18:41:36jnfergusonsetspambayes_score: 0.066306 -> 0.066306
recipients: + jnferguson, gvanrossum, gregory.p.smith, amaury.forgeotdarc, belopolsky, chmod007
2008-04-10 18:41:36jnfergusonsetspambayes_score: 0.066306 -> 0.066306
messageid: <1207852896.06.0.0287350263255.issue2587@psf.upfronthosting.co.za>
2008-04-10 18:41:34jnfergusonlinkissue2587 messages
2008-04-10 18:41:33jnfergusoncreate