David Watson added the comment:

On Fri 13 Dec 2013, Brett Cannon wrote:
> Two things. First, I'm sorry David but my mind is not working fully enough at
> the moment to see how msg_controllen is compared to cmsg_len_end without
> relying on external value coming in through the parameters of the function.

The lines (in the existing code)

    if (space < cmsg_len_end)
        space = cmsg_len_end;

ensure that space >= cmsg_len_end, and then we have

    return (cmsg_offset <= (size_t)-1 - space &&
            cmsg_offset + space <= msg->msg_controllen);

so that 0 is returned if msg->msg_controllen < (cmsg_offset + space), but
since cmsg_offset is nonnegative and cmsg_len_end <= space, we always have
cmsg_len_end <= (cmsg_offset + space). Hence if we get to this last line and
msg->msg_controllen < cmsg_len_end, then
msg->msg_controllen < (cmsg_offset + space), and so the function returns 0.

(So returning 0 immediately if msg->msg_controllen < cmsg_len_end doesn't
change the behaviour of the function, provided this comparison is done
correctly.)

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue12837>
_______________________________________
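
The argument in the message above can be checked mechanically. The following is an added example, not part of the original message and not the CPython source: it models only the two quoted statements, with msg_controllen taken as an unsigned size_t and CMSG_LEN_END as a constructed stand-in value, and compares the check with and without the early return, including inputs where cmsg_offset + space would wrap.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for cmsg_len_end; the real value is platform-specific. */
#define CMSG_LEN_END ((size_t)8)

/* The two statements quoted in the message: clamp space, then bound-check. */
static int check_original(size_t controllen, size_t cmsg_offset, size_t space)
{
    if (space < CMSG_LEN_END)
        space = CMSG_LEN_END;
    /* First comparison rejects inputs where cmsg_offset + space would wrap. */
    return (cmsg_offset <= (size_t)-1 - space &&
            cmsg_offset + space <= controllen);
}

/* Same check preceded by the early return discussed in the message. */
static int check_early(size_t controllen, size_t cmsg_offset, size_t space)
{
    if (controllen < CMSG_LEN_END)
        return 0;
    return check_original(controllen, cmsg_offset, space);
}

/* Run both variants over small values and values near SIZE_MAX;
   returns the number of inputs on which they disagree. */
static size_t count_mismatches(void)
{
    static const size_t samples[] = {0, 1, 7, 8, 9, 16, 64,
        SIZE_MAX - 9, SIZE_MAX - 8, SIZE_MAX - 7, SIZE_MAX - 1, SIZE_MAX};
    const size_t n = sizeof(samples) / sizeof(samples[0]);
    size_t mismatches = 0;
    for (size_t i = 0; i < n; i++)
        for (size_t j = 0; j < n; j++)
            for (size_t k = 0; k < n; k++)
                if (check_original(samples[i], samples[j], samples[k]) !=
                    check_early(samples[i], samples[j], samples[k]))
                    mismatches++;
    return mismatches;
}

int main(void)
{
    printf("mismatches: %zu\n", count_mismatches());
    /* Here offset + space wraps to 8, which a naive sum would accept. */
    printf("wrap case accepted: %d\n", check_original(64, SIZE_MAX - 7, 16));
    return 0;
}
```
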