New submission from Oren Milman:
------------ current state ------------
Due to the implementation of socket_htons (in Modules/socketmodule.c), in case
the received integer does not fit in 16-bit unsigned integer, but does fit in a
positive C int, it is silently truncated to 16-bit unsigned integer (before
converting to network byte order):
>>> import socket
>>> hex(socket.htons(0x1234))
'0x3412'
>>> hex(socket.htons(0x81234))
'0x3412'
>>> hex(socket.htons(0x881234))
'0x3412'
>>> hex(socket.htons(0x8881234))
'0x3412'
>>> hex(socket.htons(0x88881234))
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
OverflowError: Python int too large to convert to C long
>>>
Likewise, socket.ntohs has the same silent truncation feature, due to the
implementation of socket_ntohs.
ISTM this silent truncation feature has the potential to conceal nasty bugs,
and I guess it is rarely used in purpose.
With regard to relevant changes made in the past:
* The silent truncation was there since the two functions were first added,
in changeset 3673 (https://hg.python.org/cpython/rev/f6ace61c3dfe).
* A check whether the received integer is negative was added (to each of
the two functions) in changeset 40632
(https://hg.python.org/cpython/rev/6efe3a4b10ac), as part of #1635058.
Note the lack of discussion in #1635058 and #1619659 about backward
compatibility. It might suggest that Guido didn't hesitate to make the change,
even though at the time, the four conversion functions (socket.htons,
socket.ntohs, socket.htonl and socket.ntohl) were already in the wild for 10
years.
------------ proposed changes ------------
1. In Modules/socketmodule.c, raise a DeprecationWarning before silently
truncating the received integer. In Python 3.8, replace the DeprecationWarning
with an OverflowError.
2. In Lib/test/test_socket.py, add tests to verify a DeprecationWarning is
raised as expected.
3. In Doc/library/socket.rst, add a description of the silent truncation
feature, and declare it is deprecated.
------------ diff ------------
The proposed patches diff file is attached.
(I wasn't sure you would approve deprecating a feature that was in the wild for
so long, but I implemented it anyway, as it was quite simple.)
------------ tests ------------
I ran 'python_d.exe -m test -j3' (on my 64-bit Windows 10) with and without the
patches, and got quite the same output. (That also means my new tests in
test_socket passed.)
The outputs of both runs are attached.
----------
components: Library (Lib)
files: CPythonTestOutput.txt
messages: 277820
nosy: Oren Milman
priority: normal
severity: normal
status: open
title: silent truncations in socket.htons and socket.ntohs
type: behavior
versions: Python 3.7
Added file: http://bugs.python.org/file44911/CPythonTestOutput.txt
_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue28332>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
