PyString::from_object
took &str
arguments and forwarded them directly to the Python C API without checking for terminating nul bytes. This could lead the Python interpreter to read beyond the end of the &str
data and potentially leak contents of the out-of-bounds read (by raising a Python exception containing a copy of the data including the overflow).
In PyO3 0.24.1 this function will now allocate a CString
to guarantee a terminating nul bytes. PyO3 0.25 will likely offer an alternative API which takes &CStr
arguments.