Python bindings: various bounds checking failures (maybe arbitrary memory access?) #5993

Open
6 tasks done
AllSeeingEyeTolledEweSew opened this issue Feb 18, 2021 · 1 comment
AllSeeingEyeTolledEweSew commented Feb 18, 2021

The following code snippets wrongly succeed. It looks like some bounds are not checked when they should be, resulting in unintentional memory access.

  • create_torrent.set_hash() with a short buffer. This succeeds, and create_torrent.generate() shows the piece gets set to be the short buffer plus some garbage data:
fs = file_storage()
fs.add_file("test.txt", 1024)
ct = create_torrent(fs)
ct.set_hash(0, b"a")  # should raise ValueError
  • create_torrent.set_file_hash(), similarly:
fs = file_storage()
fs.add_file("test.txt", 1024)
ct = create_torrent(fs)
ct.set_file_hash(0, b"a")  # should raise ValueError
  • sha1_hash(), similarly:
sha1_hash(b"a")  # should raise ValueError
  • torrent_info.hash_for_piece() with an invalid index wrongly succeeds. This seems to read arbitrary memory...
ti = torrent_info({b"info": {
    b"name": b"test.txt",
    b"length": 1024,
    b"piece length": 16384,
    b"pieces": b"a" * 20,
}})
ti.hash_for_piece(1)  # should raise ValueError
ti.hash_for_piece(-1)  # should raise ValueError
  • session.dht_put_mutable_item(b"short", b"short", b"data", b"salt"): Should raise ValueError if public or private key arguments are the wrong length
  • session.dht_get_mutable_item(b"short", b"salt"): Should raise ValueError if public key argument is wrong length

I'm finished writing new unit tests and won't add any more items to this issue.
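
A caller-side guard for the calls listed in this issue, as an added example that is not part of the original report and not the project's code. The helper names are hypothetical, the piece and file counts are supplied by the caller, and the ed25519 key sizes (32-byte public, 64-byte private) are assumptions.

```python
# Added example: validate arguments in Python before they reach the bindings.
SHA1_LEN = 20             # one SHA-1 hash, matching the issue's 20-byte "pieces"
ED25519_PUBLIC_LEN = 32   # assumption: ed25519 public key size
ED25519_PRIVATE_LEN = 64  # assumption: ed25519 private key size in this API


def require_len(name, value, expected):
    """Return value as bytes, or raise if it is not exactly `expected` bytes."""
    if not isinstance(value, (bytes, bytearray)):
        raise TypeError(f"{name} must be bytes, got {type(value).__name__}")
    if len(value) != expected:
        raise ValueError(f"{name} must be {expected} bytes, got {len(value)}")
    return bytes(value)


def require_index(name, index, count):
    """Return index if 0 <= index < count; negative values are rejected too."""
    if isinstance(index, bool) or not isinstance(index, int):
        raise TypeError(f"{name} must be an int")
    if not 0 <= index < count:
        raise ValueError(f"{name} {index} out of range [0, {count})")
    return index


def checked_set_hash(ct, index, digest, num_pieces):
    # Both arguments are validated before the binding is called at all.
    ct.set_hash(require_index("piece index", index, num_pieces),
                require_len("piece hash", digest, SHA1_LEN))


def checked_set_file_hash(ct, index, digest, num_files):
    ct.set_file_hash(require_index("file index", index, num_files),
                     require_len("file hash", digest, SHA1_LEN))


def checked_hash_for_piece(ti, index, num_pieces):
    return ti.hash_for_piece(require_index("piece index", index, num_pieces))


def check_mutable_item_keys(public_key, private_key=None):
    """Validate DHT mutable-item keys; private_key is only needed for a put."""
    public_key = require_len("public key", public_key, ED25519_PUBLIC_LEN)
    if private_key is not None:
        private_key = require_len("private key", private_key, ED25519_PRIVATE_LEN)
    return public_key, private_key
```

For the torrent in the report (1024 bytes, 16384-byte pieces) the piece count is 1, so indices 1 and -1 are both rejected before `hash_for_piece()` is reached.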

@arvidn arvidn added this to the 1.2.14 milestone Apr 8, 2021
@arvidn arvidn modified the milestones: 1.2.14, 1.2.15 Jun 7, 2021
@AllSeeingEyeTolledEweSew
Should I close this? Or wait until it's merged to RC_1_2, since it's on a 1.2 milestone?
