Comment 8 for bug 395204

Kees Cook (kees) wrote :

It seems that PyString_Size and PyString_AsString aren't getting along?

        slen = PyString_Size(pstr);
        if (slen = 0)
            goto cleanup;
        mem = malloc((size_t)slen+1);
        if (mem == NULL){
            PyErr_NoMemory();
            goto cleanup;
        }
        char *fun = PyString_AsString(pstr);
        printf("slen:%d strlen(fun):%d\n", slen, strlen(fun));
        strcpy(mem, PyString_AsString(pstr));

This prints:
slen:0 strlen(fun):1

with the above example script. Perhaps it should be using PyString_AsStringAndSize? Or just use strdup...

Regardless, this does not appear to be a security issue, but a "normal" bug. Thanks for the backtrace and details!
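
An added example, not part of the original comment or the project's code: a stand-alone C reduction of the length check as it appears in the snippet above, next to a copy that sizes the buffer and the copy from one length. The names alloc_size_as_written and dup_with_len are hypothetical, long stands in for the Python length type, and no Python C API is used.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Length check as it appears in the snippet. "=" stores 0 in slen and the
 * condition is false, so execution falls through with slen == 0. The inner
 * parentheses only silence the -Wparentheses warning that -Wall raises for
 * the original spelling. Returns the size the malloc call would request. */
static size_t alloc_size_as_written(long slen)
{
    if ((slen = 0))
        return 0;               /* never reached */
    return (size_t)slen + 1;
}

/* Copy that takes the length once, rejects a negative value, and sizes
 * both the allocation and the copy from that single length. */
static char *dup_with_len(const char *src, long slen)
{
    char *mem;

    if (src == NULL || slen < 0)
        return NULL;
    mem = malloc((size_t)slen + 1);
    if (mem == NULL)
        return NULL;
    memcpy(mem, src, (size_t)slen);
    mem[slen] = '\0';
    return mem;
}

int main(void)
{
    const char *fun = "A";      /* constructed one-character input */
    long slen = (long)strlen(fun);
    char *copy = dup_with_len(fun, slen);

    printf("as written: malloc(%zu), strcpy needs %zu\n",
           alloc_size_as_written(slen), strlen(fun) + 1);
    printf("dup_with_len: \"%s\"\n", copy ? copy : "(null)");
    free(copy);
    return 0;
}
```

With the check as written, the requested allocation is one byte for any input length, which matches the slen:0 line printed above.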