[Python-checkins] bpo-41056: Fix reference to deallocated stack in pathconfig (Coverity) (GH-21013)

Miss Islington (bot) webhook-mailer at python.org
Mon Jun 22 03:43:46 EDT 2020 

https://github.com/python/cpython/commit/d5ee9b9940ba24120838b07061058afe931cfff1
commit: d5ee9b9940ba24120838b07061058afe931cfff1
branch: 3.8
author: Miss Islington (bot) <31488909+miss-islington at users.noreply.github.com>
committer: GitHub <noreply at github.com>
date: 2020-06-22T00:43:41-07:00
summary:

bpo-41056: Fix reference to deallocated stack in pathconfig (Coverity) (GH-21013)


Reported by Coverity.  (CID 1457554 RETURN_LOCAL)

path0 is assigned as a pointer to this right before it goes out of scope.
(cherry picked from commit 81328f30703bd7225e7e73aedb0994a7293ce190)

Co-authored-by: Gregory P. Smith <greg at krypto.org>

files:
A Misc/NEWS.d/next/Core and Builtins/2020-06-21-19-53-33.bpo-41056.IDu_EK.rst
M Python/pathconfig.c

diff --git a/Misc/NEWS.d/next/Core and Builtins/2020-06-21-19-53-33.bpo-41056.IDu_EK.rst b/Misc/NEWS.d/next/Core and Builtins/2020-06-21-19-53-33.bpo-41056.IDu_EK.rst
new file mode 100644
index 0000000000000..25f93c9da3105
--- /dev/null
+++ b/Misc/NEWS.d/next/Core and Builtins/2020-06-21-19-53-33.bpo-41056.IDu_EK.rst	
@@ -0,0 +1 @@
+Fixes a reference to deallocated stack space during startup when constructing sys.path involving a relative symlink when code was supplied via -c.  (discovered via Coverity)
\ No newline at end of file
diff --git a/Python/pathconfig.c b/Python/pathconfig.c
index 258ff613a066c..bf180976b55ab 100644
--- a/Python/pathconfig.c
+++ b/Python/pathconfig.c
@@ -679,6 +679,7 @@ _PyPathConfig_ComputeSysPath0(const PyWideStringList *argv, PyObject **path0_p)
 #ifdef HAVE_READLINK
     wchar_t link[MAXPATHLEN + 1];
     int nr = 0;
+    wchar_t path0copy[2 * MAXPATHLEN + 1];
 
     if (have_script_arg) {
         nr = _Py_wreadlink(path0, link, Py_ARRAY_LENGTH(link));
@@ -701,7 +702,6 @@ _PyPathConfig_ComputeSysPath0(const PyWideStringList *argv, PyObject **path0_p)
             }
             else {
                 /* Must make a copy, path0copy has room for 2 * MAXPATHLEN */
-                wchar_t path0copy[2 * MAXPATHLEN + 1];
                 wcsncpy(path0copy, path0, MAXPATHLEN);
                 q = wcsrchr(path0copy, SEP);
                 wcsncpy(q+1, link, MAXPATHLEN);

More information about the Python-checkins mailing list