Alexander Belopolsky <[EMAIL PROTECTED]> added the comment: I agree that PySSL_SSLread should check that its argument is >= 0. I don't think this check belongs to PyString_FromStringAndSize. It should be the responsibility of the caller to verify that the precondition size >= 0 is satisfied before calling PyString_FromStringAndSize. Oftentimes the caller can ascertain size >= 0 without an explicit check, for example, if size is the size of a buffer or length of a valid string object.
On the other hand, an external input such as the len argument to the read function should be checked before used. I would also suggest changing the len type from int to Py_ssize_t. I agree with Amaury that assert(size>=0) is sufficient in PyString_FromStringAndSize(), but its documentation should emphasize that the caller is responsible for assuring that the requested length is nonnegative. I don't think the upper bound check is necessary: sizeof(PyStringObject) + size will not wrap around as long as size >= 0. ---------- nosy: +belopolsky __________________________________ Tracker <[EMAIL PROTECTED]> <http://bugs.python.org/issue2587> __________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
