On Thu, 27 Jan 2005, Miles Stevenson wrote:

> I'm trying to practice safe coding techniques. I just want to make sure
> that a user can't supply a massive argument to my script and cause
> trouble. I'm just trying to only accept about 256 bytes:
>
> buffer(sys.argv[1], 0, 256)
  ^^^^^^

Hi Miles,


Don't use buffer() in this way: it's not doing what you think it's doing.
buffer() does not "mutate" its argument: it does not truncate sys.argv[1].
Instead, it takes an existing sequence and provides a sort of "window"
view into that sequence.


You can try something like:

###
window = buffer(sys.argv[1], 0, 256)
###

in which case 'window' here should contain the first 256 characters of
sys.argv[1].

As a side note, buffer() does not appear to be used much by people: it's
hardly used by the Standard Library itself, and is probably not useful for
general Python programming.  (In fact, the only place I see buffer()
really being used is in Python's test cases!)



In the case with sys.argv[1], I'd actually leave string arguments at an
unrestricted length.  Python is very safe when it comes to dealing with
large data.  For example, array access is checked at runtime:

###
>>> "hello world"[400]
Traceback (most recent call last):
  File "<stdin>", line 1, in ?
IndexError: string index out of range
###

This is why we're not so worried about things like buffer-overflow in
unsafe languages like C.


If you have more questions, please feel free to ask.  Hope this helps!
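
An added example, not part of the original message: buffer() exists only in Python 2, so this sketch uses memoryview, its Python 3 counterpart, to show that a window leaves the original data at full length, and how an explicit bound could be written if one is wanted. The function names, the argparse wiring and the sample data are assumptions made for illustration.

```python
import argparse
import sys

MAX_ARG_BYTES = 256  # the limit mentioned in the question


def view_does_not_truncate():
    """A window over data is a separate object; the original keeps its length."""
    original = b"A" * 1000                      # constructed sample input
    window = memoryview(original)[:MAX_ARG_BYTES]
    return len(window), len(original)           # (256, 1000)


def bounded_text(value):
    """argparse 'type' callable: reject oversized input instead of truncating it.

    The limit is counted in bytes, not characters. surrogateescape lets
    undecodable bytes that arrived via sys.argv round-trip and be counted.
    """
    size = len(value.encode("utf-8", errors="surrogateescape"))
    if size > MAX_ARG_BYTES:
        raise argparse.ArgumentTypeError(
            "argument is %d bytes; limit is %d" % (size, MAX_ARG_BYTES))
    return value


def parse_args(argv):
    """Return the validated argument; argparse exits with status 2 on rejection."""
    parser = argparse.ArgumentParser(description="length-bounded argument demo")
    parser.add_argument("text", type=bounded_text)
    return parser.parse_args(argv).text


if __name__ == "__main__":
    print(view_does_not_truncate())
    print(len(parse_args(sys.argv[1:])))
```

Rejecting the argument keeps the failure visible to the caller, whereas silently cutting it to 256 bytes would let the script continue with data the user did not supply.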
