From a3070d530c70477273cacbc61660b318582fff44 Mon Sep 17 00:00:00 2001 From: Benjamin Peterson Date: Mon, 4 Sep 2017 22:23:42 -0700 Subject: [PATCH] bpo-31347: _PyObject_FastCall_Prepend: do not call memcpy if args might not be null (#3329) Passing NULL as the second argument to to memcpy is undefined behavior even if the size is 0. --- .../2017-09-04-16-35-06.bpo-31347.KDuf2w.rst | 1 + Objects/call.c | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) create mode 100644 Misc/NEWS.d/next/Core and Builtins/2017-09-04-16-35-06.bpo-31347.KDuf2w.rst diff --git a/Misc/NEWS.d/next/Core and Builtins/2017-09-04-16-35-06.bpo-31347.KDuf2w.rst b/Misc/NEWS.d/next/Core and Builtins/2017-09-04-16-35-06.bpo-31347.KDuf2w.rst new file mode 100644 index 0000000000..52a6168e63 --- /dev/null +++ b/Misc/NEWS.d/next/Core and Builtins/2017-09-04-16-35-06.bpo-31347.KDuf2w.rst @@ -0,0 +1 @@ +Fix possible undefined behavior in _PyObject_FastCall_Prepend. diff --git a/Objects/call.c b/Objects/call.c index 4294a9beb0..92464327fb 100644 --- a/Objects/call.c +++ b/Objects/call.c @@ -854,9 +854,9 @@ _PyObject_FastCall_Prepend(PyObject *callable, /* use borrowed references */ args2[0] = obj; - memcpy(&args2[1], - args, - (nargs - 1)* sizeof(PyObject *)); + if (nargs > 1) { + memcpy(&args2[1], args, (nargs - 1) * sizeof(PyObject *)); + } result = _PyObject_FastCall(callable, args2, nargs); if (args2 != small_stack) { -- 2.40.0