pyo3 icon indicating copy to clipboard operation
pyo3 copied to clipboard
verified publisher icon PyO3

`chrono::DateTime::to_object()` can panic

Open 124C41p opened this issue 1 year ago • 2 comments

The range of possible values of chrono::DateTime is much larger than that of Python's datetime (which is limited by 1 <= year <= 9999), so there cannot be a one to one mapping. As a consequence, the function chrono::DateTime::to_object() panics for dates far in the future or far in the past. (tested with version 0.21.0)

In most situations this is probably not an issue. In my personal use case however, I am deserializing data received over the network in an extension module, and hand the results over to a Python process. In this case, a malicious actor could crash my module by simply sending some date with year >= 10k.

Do you mind adding something like chrono::DateTime::try_to_object() which fails savely?

124C41p avatar Mar 31 '24 16:03 124C41p

We have a general need for fallible conversion traits but we are lacking the people to tackle this concurrently with the Bound API overhaul, c.f. #1813 and #2782.

adamreichold avatar Mar 31 '24 17:03 adamreichold

Opened #4041 to discuss fallible traits among other things.

davidhewitt avatar Apr 06 '24 14:04 davidhewitt