From: Christian Heimes Date: Mon, 22 Jul 2013 10:54:21 +0000 (+0200) Subject: Issue #15905: Fix theoretical buffer overflow in handling of sys.argv[0], X-Git-Tag: v3.4.0a1~108 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=de0e63bd9cf3f4f4833664988d2ec03b75c0d5a1;p=python Issue #15905: Fix theoretical buffer overflow in handling of sys.argv[0], prefix and exec_prefix if the operation system does not obey MAXPATHLEN. --- de0e63bd9cf3f4f4833664988d2ec03b75c0d5a1 diff --cc Misc/NEWS index f5b56ef33d,2b28991c51..26c629552f --- a/Misc/NEWS +++ b/Misc/NEWS @@@ -10,14 -12,11 +10,17 @@@ What's New in Python 3.4.0 Alpha 1 Core and Builtins ----------------- + - Issue #15905: Fix theoretical buffer overflow in handling of sys.argv[0], + prefix and exec_prefix if the operation system does not obey MAXPATHLEN. + +- Issue #18408: Fix many various bugs in code handling errors, especially + on memory allocation failure (MemoryError). + - Issue #18344: Fix potential ref-leaks in _bufferedreader_read_all(). +- Issue #18342: Use the repr of a module name when an import fails when using + ``from ... import ...``. + - Issue #17872: Fix a segfault in marshal.load() when input stream returns more bytes than requested. diff --cc Modules/getpath.c index 21dc854571,ff14fdd6cd..1a43150c0b --- a/Modules/getpath.c +++ b/Modules/getpath.c @@@ -341,9 -343,10 +343,10 @@@ search_for_prefix(wchar_t *argv0_path, /* Check VPATH to see if argv0_path is in the build directory. */ vpath = _Py_char2wchar(VPATH, NULL); if (vpath != NULL) { - wcscpy(prefix, argv0_path); + wcsncpy(prefix, argv0_path, MAXPATHLEN); + prefix[MAXPATHLEN] = L'\0'; joinpath(prefix, vpath); - PyMem_Free(vpath); + PyMem_RawFree(vpath); joinpath(prefix, L"Lib"); joinpath(prefix, LANDMARK); if (ismodule(prefix))