Issue #28522: Fixes mishandled buffer reallocation in getpathp.c
This commit is contained in:
parent
e45ef4e54c
commit
c6dd415252
|
@ -488,6 +488,58 @@ class StartupImportTests(unittest.TestCase):
|
|||
'import site, sys; site.enablerlcompleter(); sys.exit(hasattr(sys, "__interactivehook__"))']).wait()
|
||||
self.assertTrue(r, "'__interactivehook__' not added by enablerlcompleter()")
|
||||
|
||||
@unittest.skipUnless(sys.platform == 'win32', "only supported on Windows")
|
||||
def test_underpth_nosite_file(self):
|
||||
_pth_file = os.path.splitext(sys.executable)[0] + '._pth'
|
||||
try:
|
||||
libpath = os.path.dirname(os.path.dirname(encodings.__file__))
|
||||
with open(_pth_file, 'w') as f:
|
||||
print('fake-path-name', file=f)
|
||||
# Ensure the generated path is very long so that buffer
|
||||
# resizing in getpathp.c is exercised
|
||||
for _ in range(200):
|
||||
print(libpath, file=f)
|
||||
print('# comment', file=f)
|
||||
|
||||
env = os.environ.copy()
|
||||
env['PYTHONPATH'] = 'from-env'
|
||||
rc = subprocess.call([sys.executable, '-c',
|
||||
'import sys; sys.exit(sys.flags.no_site and '
|
||||
'len(sys.path) > 200 and '
|
||||
'%r in sys.path and %r in sys.path and %r not in sys.path)' % (
|
||||
os.path.join(sys.prefix, 'fake-path-name'),
|
||||
libpath,
|
||||
os.path.join(sys.prefix, 'from-env'),
|
||||
)], env=env)
|
||||
self.assertEqual(rc, 0)
|
||||
finally:
|
||||
os.unlink(_pth_file)
|
||||
|
||||
@unittest.skipUnless(sys.platform == 'win32', "only supported on Windows")
|
||||
def test_underpth_file(self):
|
||||
_pth_file = os.path.splitext(sys.executable)[0] + '._pth'
|
||||
try:
|
||||
libpath = os.path.dirname(os.path.dirname(encodings.__file__))
|
||||
with open(_pth_file, 'w') as f:
|
||||
print('fake-path-name', file=f)
|
||||
for _ in range(200):
|
||||
print(libpath, file=f)
|
||||
print('# comment', file=f)
|
||||
print('import site', file=f)
|
||||
|
||||
env = os.environ.copy()
|
||||
env['PYTHONPATH'] = 'from-env'
|
||||
rc = subprocess.call([sys.executable, '-c',
|
||||
'import sys; sys.exit(not sys.flags.no_site and '
|
||||
'%r in sys.path and %r in sys.path and %r not in sys.path)' % (
|
||||
os.path.join(sys.prefix, 'fake-path-name'),
|
||||
libpath,
|
||||
os.path.join(sys.prefix, 'from-env'),
|
||||
)], env=env)
|
||||
self.assertEqual(rc, 0)
|
||||
finally:
|
||||
os.unlink(_pth_file)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
unittest.main()
|
||||
|
|
|
@ -85,6 +85,11 @@ Library
|
|||
threadpool executor.
|
||||
Initial patch by Hans Lawrenz.
|
||||
|
||||
Windows
|
||||
-------
|
||||
|
||||
- Issue #28522: Fixes mishandled buffer reallocation in getpathp.c
|
||||
|
||||
Build
|
||||
-----
|
||||
|
||||
|
|
|
@ -581,7 +581,8 @@ read_pth_file(const wchar_t *path, wchar_t *prefix, int *isolated, int *nosite)
|
|||
wn = MultiByteToWideChar(CP_UTF8, 0, line, -1, wline, wn + 1);
|
||||
wline[wn] = '\0';
|
||||
|
||||
while (wn + prefixlen + 4 > bufsiz) {
|
||||
size_t usedsiz = wcslen(buf);
|
||||
while (usedsiz + wn + prefixlen + 4 > bufsiz) {
|
||||
bufsiz += MAXPATHLEN;
|
||||
buf = (wchar_t*)PyMem_RawRealloc(buf, (bufsiz + 1) * sizeof(wchar_t));
|
||||
if (!buf) {
|
||||
|
@ -590,11 +591,21 @@ read_pth_file(const wchar_t *path, wchar_t *prefix, int *isolated, int *nosite)
|
|||
}
|
||||
}
|
||||
|
||||
if (buf[0])
|
||||
if (usedsiz) {
|
||||
wcscat_s(buf, bufsiz, L";");
|
||||
usedsiz += 1;
|
||||
}
|
||||
|
||||
wchar_t *b = &buf[wcslen(buf)];
|
||||
wcscat_s(buf, bufsiz, prefix);
|
||||
errno_t result;
|
||||
_Py_BEGIN_SUPPRESS_IPH
|
||||
result = wcscat_s(buf, bufsiz, prefix);
|
||||
_Py_END_SUPPRESS_IPH
|
||||
if (result == EINVAL) {
|
||||
Py_FatalError("invalid argument during ._pth processing");
|
||||
} else if (result == ERANGE) {
|
||||
Py_FatalError("buffer overflow during ._pth processing");
|
||||
}
|
||||
wchar_t *b = &buf[usedsiz];
|
||||
join(b, wline);
|
||||
|
||||
PyMem_RawFree(wline);
|
||||
|
|
Loading…
Reference in New Issue