STINNER Victor <victor.stin...@haypocalc.com> added the comment: History of PyErr_Format():
- r7580 (13 years ago): creation of PyErr_Format() using a buffer of 500 bytes (fixed size buffer, allocated on the stack) - r17159 (10 years ago): PyErr_Format() allocates a dynamic buffer on the heap - r22722 (9 years ago): PyErr_Format() reuses PyString_FromFormatV() (dynamic buffer, allocated on the heap) belopolsky>> Limiting field width when formatting error messages belopolsky>> is a good safety measure. me> Can you give me at least one example? I think that it is very me> unlikely, or just impossible. Python allocates a dynamic buffer since r17159 (10 years ago), and the strings were *never* truncated just because %.100s format was never supported (it is interpreted as %s). If you still consider that %.100s protects is a good solution against crashes: you have to realize that Python doesn't truncate strings since 10 years, and nobody complained. -- The situation is changing because Ray Allen wrote a patch implementing %.100s: #7330. I would like to decide what to do with %.100s in error messages before commiting #7330. -- Eric and Alexander: do you still consider that %.100s is important in error messages? Or do you know agree that we can replace them with %s? ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue10833> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com