Le jeudi 24 mars 2011 à 13:22 +0100, M.-A. Lemburg a écrit : > BTW: Why do you think that %.100s is not supported in > PyErr_Format() in Python 2.x ? PyString_FromFormatV() > does support this. The change to use Unicode error strings > introduced the problem, since PyUnicode_FromFormatV() for > some reason ignores the precision (which is shouldn't).
Oh... You are right, it is a regression in Python 3. We started to write unit tests for PyBytes_FromFormat() and PyUnicode_FromFormat(), I hope that they will improve the situation. > That said, it's a good idea to add the #7330 fix > to at least Python 2.7 as well, since ignoring the precision > is definitely a bug. It may even be security relevant, since > it could be used for DOS attacks on servers (e.g. causing them > to write huge strings to log files instead of just a few > hundreds bytes per message), so may even need to go into Python 2.6. Python 2 is not affected because PyErr_Format() uses PyString_FromFormatV() which supports precision for %s format (e.g. %.100s truncate the string to 100 bytes). Do you think that Python 3.1-3.3 should be fixed? Let's begin by closing #10833 as invalid. Victor _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com