On Jan 12, 2008, at 9:59 AM, Alan Runyan wrote:
...
ZODB's error handling of transaction header length may be incorrect
as well:
the code in FileStorage.py:
def _begin(self, tid, u, d, e):
self._nextpos = 0
self._thl = TRANS_HDR_LEN + len(u) + len(d) + len(e)
if self._thl > 65535:
# one of u, d, or e may be > 65535
# We have to check lengths here because struct.pack
# doesn't raise an exception on overflow
if len(u) > 65535:
raise FileStorageError('user name too long')
if len(d) > 65535:
raise FileStorageError('description too long')
if len(e) > 65535:
raise FileStorageError('too much extension data')
1. What if each u, d, e were each 32k? this exception would
not be triggered.
And it shouldn't be. Each has their own 2-byte length field in the
transaction header,
If I ever do FileStorage2 (don't hold your breath) I'd combine the
user and description with the extension data into a single field with
a 4-byte length.
Jim
--
Jim Fulton
Zope Corporation
_______________________________________________
For more information about ZODB, see the ZODB Wiki:
http://www.zope.org/Wikis/ZODB/
ZODB-Dev mailing list - ZODB-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zodb-dev
