Issue 1688393: sock.recvfrom(-24) crashes - Python tracker (original) (raw)

Actually sock.recvfrom(x) crashes or causes memory corruption for all values in -sizeof(PyStringObject) <= x < 0, I think.

This script demonstrates the problem:

import socket, sys s1 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) s1.bind(('127.0.0.1', 9999)) s2 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) s2.sendto('fdsjkldsfkj', ('127.0.0.1', 9999)) print s1.recvfrom(-24)

Try e.g. -1 instead of -24 as well.

I'm attaching a patch that fixes this bug, and adds a simple test for it too.

Other sock_recv* functions in socketmodule.c seem to already catch negative recvlen values and raise ValueError, but for some reason recvfrom missed out.