[issue13334] Erroneous Size check in _PyString_Resize

2011-11-03 Thread Amaury Forgeot d'Arc
Changes by Amaury Forgeot d'Arc : -- status: open -> closed ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: htt

[issue13334] Erroneous Size check in _PyString_Resize

2011-11-03 Thread david
david added the comment: Yes my bad :-) I got my C test case wrong. -- status: pending -> open

[issue13334] Erroneous Size check in _PyString_Resize

2011-11-03 Thread Amaury Forgeot d'Arc
Amaury Forgeot d'Arc added the comment: Let's take an example: on a 32-bit system, call _PyString_Resize(&s, 0x7ff8). Then PyStringObject_SIZE + newsize is something like -0x7ff8 (yes, it wraps around and is a negative number). But when cast to an unsigned size_t (because that's what Py

[issue13334] Erroneous Size check in _PyString_Resize

2011-11-03 Thread david
Changes by david : -- title: Erroneous Size check in -> Erroneous Size check in _PyString_Resize

[issue13334] Erroneous Size check in

2011-11-03 Thread david
Changes by david : -- components: +None versions: +Python 2.7

[issue13334] Erroneous Size check in

2011-11-03 Thread david
New submission from david: The _PyString_Resize function in stringobject.c[0] takes in a PyObject ** and a Py_ssize_t newsize, where Py_ssize_t is often a typedef for ssize_t (a signed version of size_t). As such, the newsize parameter could be negative. The code checks for when the newsize is