[New-bugs-announce] [issue25844] Pylauncher, launcher.c: Assigning NULL to a pointer instead of testing against NULL
Alexander Riccio
report at bugs.python.org
Fri Dec 11 23:33:27 EST 2015
New submission from Alexander Riccio:
I found this while writing up a separate bug (CPython doesn't use static analysis!).
In PC/launcher.c, get_env has a bug:
    /* Large environment variable. Accept some leakage */
    wchar_t *buf2 = (wchar_t*)malloc(sizeof(wchar_t) * (result+1));
    if (buf2 = NULL) {
        error(RC_NO_MEMORY, L"Could not allocate environment buffer");
    }
    GetEnvironmentVariableW(key, buf2, result);
    return buf2;
See: https://hg.python.org/cpython/file/tip/PC/launcher.c#l117
Instead of `buf2 == NULL`, Vinay Sajip wrote `buf2 = NULL`. The commit where the error was introduced: https://hg.python.org/cpython/rev/4123e002a1af
Thus, whatever value was in buf2 is lost, the branch is NOT taken (because buf2 evaluates to false), and GetEnvironmentVariableW will (probably) cause an access violation.
Compiling with /analyze found this quite easily:
c:\pythondev\repo\pc\launcher.c(117): warning C6282: Incorrect operator: assignment of constant in Boolean context. Consider using '==' instead.
----------
components: Windows
messages: 256254
nosy: Alexander Riccio, paul.moore, steve.dower, tim.golden, vinay.sajip, zach.ware
priority: normal
severity: normal
status: open
title: Pylauncher, launcher.c: Assigning NULL to a pointer instead of testing against NULL
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue25844>
_______________________________________
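
Added example (not part of the original report and not CPython's code): the reported assignment-in-condition pattern beside the corrected comparison. fake_getenv_w is a hypothetical stand-in for GetEnvironmentVariableW so the code runs off Windows, SAMPLE is a constructed value, and returning NULL on allocation failure is an assumption in place of launcher.c's error() call.

```c
#include <stdio.h>
#include <stdlib.h>
#include <wchar.h>

/* Constructed sample value standing in for a large environment variable. */
static const wchar_t SAMPLE[] = L"C:\\constructed\\sample\\value";
static int null_buffer_calls;   /* times the stand-in API was handed NULL */

/* Hypothetical stand-in for GetEnvironmentVariableW. Too-small buffer: returns
   the size needed, terminator included. A NULL buffer is only counted here. */
static size_t fake_getenv_w(wchar_t *buf, size_t size)
{
    size_t len = wcslen(SAMPLE);
    if (buf == NULL) { null_buffer_calls++; return 0; }
    if (size <= len) return len + 1;
    wcscpy(buf, SAMPLE);
    return len;
}

/* Reported pattern. GCC and Clang flag a bare `if (buf2 = NULL)` with
   -Wparentheses; the doubled parentheses only keep this demo warning-free. */
static wchar_t *get_env_buggy(size_t result)
{
    wchar_t *buf2 = malloc(sizeof(wchar_t) * (result + 1));
    wchar_t *lost = buf2;             /* kept only so the demo can free it */
    if ((buf2 = NULL)) return NULL;   /* assigns NULL, false: never taken */
    fake_getenv_w(buf2, result);      /* buf2 is always NULL here */
    free(lost);
    return buf2;
}

/* Intended logic: compare, and return before the buffer is used. */
static wchar_t *get_env_fixed(size_t result)
{
    wchar_t *buf2 = malloc(sizeof(wchar_t) * (result + 1));
    if (buf2 == NULL) return NULL;    /* launcher.c calls error(RC_NO_MEMORY, ...) here */
    fake_getenv_w(buf2, result);
    return buf2;
}

int main(void)
{
    size_t need = wcslen(SAMPLE) + 1; /* size the first, too-small call reports */
    wchar_t *bad = get_env_buggy(need), *good = get_env_fixed(need);
    printf("buggy=%p null_calls=%d fixed_ok=%d\n", (void *)bad,
           null_buffer_calls, good && wcscmp(good, SAMPLE) == 0);
    free(good);
    return 0;
}
```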