STINNER Victor <victor.stin...@haypocalc.com> added the comment:

History of PyErr_Format():

 - r7580 (13 years ago): creation of PyErr_Format() using a buffer of 500 bytes 
(fixed size buffer, allocated on the stack)
 - r17159 (10 years ago): PyErr_Format() allocates a dynamic buffer on the heap
 - r22722 (9 years ago): PyErr_Format() reuses PyString_FromFormatV() (dynamic 
buffer, allocated on the heap)

belopolsky>> Limiting field width when formatting error messages
belopolsky>> is a good safety measure.

me> Can you give me at least one example? I think that it is very
me> unlikely, or just impossible.

Python allocates a dynamic buffer since r17159 (10 years ago), and the strings 
were *never* truncated just because %.100s format was never supported (it is 
interpreted as %s).

If you still consider that %.100s protects is a good solution against crashes: 
you have to realize that Python doesn't truncate strings since 10 years, and 
nobody complained.

--

The situation is changing because Ray Allen wrote a patch implementing %.100s: 
#7330. I would like to decide what to do with %.100s in error messages before 
commiting #7330.

--

Eric and Alexander: do you still consider that %.100s is important in error 
messages? Or do you know agree that we can replace them with %s?

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue10833>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

Reply via email to