bytestring equality incorrect for Bytes[N<=32]

Moderate
charles-cooper published GHSA-7vrm-3jc8-5wwm Apr 2, 2022

Package

pip vyper (pip)

Affected versions

<0.3.2

Patched versions

0.3.2

Description

Impact

Bytestrings can contain dirty bytes beyond their stated length, which causes the word-for-word comparison to give incorrect results, e.g.

b1: Bytes[32] = b"abcdef"
b1 = slice(b1, 0, 1)
b2: Bytes[32] = b"abcdef"
t: bool = b1 == b2  # incorrectly evaluates to True

Even without dirty non-zero bytes, two bytestrings can compare equal if one ends with "\x00", because the lengths are never compared.

b1: Bytes[32] = b"abc\0"
b2: Bytes[32] = b"abc"
t: bool = b1 == b2  # incorrectly evaluates to True
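
A Python model of the two failure modes above, added here as an illustration; it is not Vyper's compiler code nor the fix in 2c73f83. The storage layout (a length field plus one 32-byte data word), the slice() behaviour and the `fixed_eq` semantics are assumptions made for the demonstration.

```python
"""Model of the Vyper <0.3.2 Bytes[N<=32] equality bug described above.
Constructed illustration; storage layout and slice behaviour are assumptions."""

WORD = 32  # EVM word size in bytes; Bytes[N<=32] fits in one data word


class ByteString:
    """Toy Bytes[N] value: a length field plus one 32-byte data word."""

    def __init__(self, data: bytes = b""):
        assert len(data) <= WORD
        self.length = len(data)
        # A fresh literal is written zero-padded, so no dirty bytes yet.
        self.word = data.ljust(WORD, b"\x00")

    def slice(self, start: int, length: int) -> "ByteString":
        # Assumed slice behaviour: the source word is copied from `start`
        # and only the length is updated, so bytes past `length` survive
        # in the data word as dirty bytes.
        out = ByteString()
        out.length = length
        out.word = self.word[start:].ljust(WORD, b"\x00")
        return out


def buggy_eq(a: ByteString, b: ByteString) -> bool:
    """Pre-0.3.2 comparison as the advisory describes it: the data words
    are compared directly and the length is never consulted."""
    return a.word == b.word


def fixed_eq(a: ByteString, b: ByteString) -> bool:
    """Correct equality (this example's formulation, not the 2c73f83 patch):
    lengths must match and only in-bounds bytes are compared, so dirty
    trailing bytes cannot influence the result."""
    return a.length == b.length and a.word[:a.length] == b.word[:b.length]


def advisory_cases() -> dict:
    """Replay both advisory examples; returns (buggy, fixed) verdicts."""
    # Case 1: dirty bytes left behind by slice()
    b1 = ByteString(b"abcdef").slice(0, 1)  # now b"a", with "bcdef" dirty
    b2 = ByteString(b"abcdef")
    # Case 2: trailing NUL byte, no dirty bytes involved
    c1 = ByteString(b"abc\0")
    c2 = ByteString(b"abc")
    return {
        "dirty_bytes": (buggy_eq(b1, b2), fixed_eq(b1, b2)),
        "trailing_nul": (buggy_eq(c1, c2), fixed_eq(c1, c2)),
    }
```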

Patches

fixed in 2c73f83

Severity

Moderate

CVE ID

CVE-2022-24787

Weaknesses

No CWEs