From 9fe5decf5f38ae247f4f354dee27e4bfbe8bc5f8 Mon Sep 17 00:00:00 2001 From: "Miss Islington (bot)" <31488909+miss-islington@users.noreply.github.com> Date: Mon, 22 Jun 2020 00:47:54 -0700 Subject: [PATCH] bpo-41056: Fix reference to deallocated stack in pathconfig (Coverity) (GH-21013) Reported by Coverity. (CID 1457554 RETURN_LOCAL) path0 is assigned as a pointer to this right before it goes out of scope. (cherry picked from commit 81328f30703bd7225e7e73aedb0994a7293ce190) Co-authored-by: Gregory P. Smith --- .../Core and Builtins/2020-06-21-19-53-33.bpo-41056.IDu_EK.rst | 1 + Python/pathconfig.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) create mode 100644 Misc/NEWS.d/next/Core and Builtins/2020-06-21-19-53-33.bpo-41056.IDu_EK.rst diff --git a/Misc/NEWS.d/next/Core and Builtins/2020-06-21-19-53-33.bpo-41056.IDu_EK.rst b/Misc/NEWS.d/next/Core and Builtins/2020-06-21-19-53-33.bpo-41056.IDu_EK.rst new file mode 100644 index 00000000000..25f93c9da31 --- /dev/null +++ b/Misc/NEWS.d/next/Core and Builtins/2020-06-21-19-53-33.bpo-41056.IDu_EK.rst @@ -0,0 +1 @@ +Fixes a reference to deallocated stack space during startup when constructing sys.path involving a relative symlink when code was supplied via -c. (discovered via Coverity) \ No newline at end of file diff --git a/Python/pathconfig.c b/Python/pathconfig.c index fe3ac3ee3d8..5c38041d766 100644 --- a/Python/pathconfig.c +++ b/Python/pathconfig.c @@ -686,6 +686,7 @@ _PyPathConfig_ComputeSysPath0(const PyWideStringList *argv, PyObject **path0_p) #ifdef HAVE_READLINK wchar_t link[MAXPATHLEN + 1]; int nr = 0; + wchar_t path0copy[2 * MAXPATHLEN + 1]; if (have_script_arg) { nr = _Py_wreadlink(path0, link, Py_ARRAY_LENGTH(link)); @@ -708,7 +709,6 @@ _PyPathConfig_ComputeSysPath0(const PyWideStringList *argv, PyObject **path0_p) } else { /* Must make a copy, path0copy has room for 2 * MAXPATHLEN */ - wchar_t path0copy[2 * MAXPATHLEN + 1]; wcsncpy(path0copy, path0, MAXPATHLEN); q = wcsrchr(path0copy, SEP); wcsncpy(q+1, link, MAXPATHLEN);