Message 336507 - Python tracker

➜

This issue tracker has been migrated to GitHub , and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

In-reply-to
Author	vstinner
Recipients	hfuru, vstinner
Date	2019年02月25日.10:10:23
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1551089423.86.0.432533309006.issue10308@roundup.psfhosted.org>

Content
I reviewed getpath.diff: diff -pru Python-2.7/Modules/getpath.c Python-2.7/Modules/getpath.c --- Python-2.7/Modules/getpath.c +++ Python-2.7/Modules/getpath.c @@ -218,7 +218,7 @@ joinpath(char buffer, char stuff) if (n > MAXPATHLEN) Py_FatalError("buffer overflow in getpath.c's joinpath()"); k = strlen(stuff); - if (n + k > MAXPATHLEN) + if (k > MAXPATHLEN - n) k = MAXPATHLEN - n; strncpy(buffer+n, stuff, k); buffer[n+k] = '0円'; As I explained in a previous comment, this change is useless: "n+k" cannot overflow. @@ -229,10 +229,9 @@ joinpath(char buffer, char stuff) static void copy_absolute(char path, char p) { - if (p[0] == SEP) + if (p[0] == SEP \|\| getcwd(path, MAXPATHLEN) == NULL) strcpy(path, p); else { - getcwd(path, MAXPATHLEN); if (p[0] == '.' && p[1] == SEP) p += 2; joinpath(path, p); The code changed in the meanwhile (in the master branch, in 3.7 maybe, I don't recall), getcwd() error is now checked in copy_absolute(): if (!_Py_wgetcwd(path, pathlen)) { /* unable to get the current directory / wcscpy(path, p); return; } diff -pru Python-3.2a3/Modules/getpath.c Python-3.2a3/Modules/getpath.c --- Python-3.2a3/Modules/getpath.c +++ Python-3.2a3/Modules/getpath.c @@ -351,18 +351,18 @@ search_for_exec_prefix(wchar_t argv0_pa else { char buf[MAXPATHLEN+1]; PyObject decoded; - wchar_t rel_builddir_path[MAXPATHLEN+1]; - size_t n; n = fread(buf, 1, MAXPATHLEN, f); buf[n] = '0円'; fclose(f); decoded = PyUnicode_DecodeUTF8(buf, n, "surrogateescape"); if (decoded != NULL) { - n = PyUnicode_AsWideChar((PyUnicodeObject)decoded, + wchar_t rel_builddir_path[MAXPATHLEN+1]; + Py_ssize_t k; + k = PyUnicode_AsWideChar((PyUnicodeObject)decoded, rel_builddir_path, MAXPATHLEN); Py_DECREF(decoded); - if (n >= 0) { - rel_builddir_path[n] = L'0円'; + if (k >= 0) { + rel_builddir_path[k] = L'0円'; wcscpy(exec_prefix, argv0_path); joinpath(exec_prefix, rel_builddir_path); return -1; Again, the code changed in the meanwhile: wchar_t rel_builddir_path; ... rel_builddir_path = _Py_DecodeUTF8_surrogateescape(buf, n); if (rel_builddir_path) { There is a new _Py_DecodeUTF8_surrogateescape() function which returns directly wchar_t* strings. I close the issue. -- Modules/getpath.c should be rewritten without global MAXPATHLEN limit. I rewrote the code to avoid global variables and pass buffer lengths in some functions. It's better but not perfect yet :-))

Content

I reviewed getpath.diff:
diff -pru Python-2.7/Modules/getpath.c Python-2.7/Modules/getpath.c
--- Python-2.7/Modules/getpath.c
+++ Python-2.7/Modules/getpath.c
@@ -218,7 +218,7 @@ joinpath(char *buffer, char *stuff)
 if (n > MAXPATHLEN)
 Py_FatalError("buffer overflow in getpath.c's joinpath()");
 k = strlen(stuff);
- if (n + k > MAXPATHLEN)
+ if (k > MAXPATHLEN - n)
 k = MAXPATHLEN - n;
 strncpy(buffer+n, stuff, k);
 buffer[n+k] = '0円';
As I explained in a previous comment, this change is useless: "n+k" cannot overflow.
@@ -229,10 +229,9 @@ joinpath(char *buffer, char *stuff)
 static void
 copy_absolute(char *path, char *p)
 {
- if (p[0] == SEP)
+ if (p[0] == SEP || getcwd(path, MAXPATHLEN) == NULL)
 strcpy(path, p);
 else {
- getcwd(path, MAXPATHLEN);
 if (p[0] == '.' && p[1] == SEP)
 p += 2;
 joinpath(path, p);
The code changed in the meanwhile (in the master branch, in 3.7 maybe, I don't recall), getcwd() error is now checked in copy_absolute():
 if (!_Py_wgetcwd(path, pathlen)) {
 /* unable to get the current directory */
 wcscpy(path, p);
 return;
 }
diff -pru Python-3.2a3/Modules/getpath.c Python-3.2a3/Modules/getpath.c
--- Python-3.2a3/Modules/getpath.c
+++ Python-3.2a3/Modules/getpath.c
@@ -351,18 +351,18 @@ search_for_exec_prefix(wchar_t *argv0_pa
 else {
 char buf[MAXPATHLEN+1];
 PyObject *decoded;
- wchar_t rel_builddir_path[MAXPATHLEN+1];
- size_t n;
 n = fread(buf, 1, MAXPATHLEN, f);
 buf[n] = '0円';
 fclose(f);
 decoded = PyUnicode_DecodeUTF8(buf, n, "surrogateescape");
 if (decoded != NULL) {
- n = PyUnicode_AsWideChar((PyUnicodeObject*)decoded,
+ wchar_t rel_builddir_path[MAXPATHLEN+1];
+ Py_ssize_t k;
+ k = PyUnicode_AsWideChar((PyUnicodeObject*)decoded,
 rel_builddir_path, MAXPATHLEN);
 Py_DECREF(decoded);
- if (n >= 0) {
- rel_builddir_path[n] = L'0円';
+ if (k >= 0) {
+ rel_builddir_path[k] = L'0円';
 wcscpy(exec_prefix, argv0_path);
 joinpath(exec_prefix, rel_builddir_path);
 return -1;
Again, the code changed in the meanwhile:
 wchar_t *rel_builddir_path;
 ...
 rel_builddir_path = _Py_DecodeUTF8_surrogateescape(buf, n);
 if (rel_builddir_path) {
There is a new _Py_DecodeUTF8_surrogateescape() function which returns directly wchar_t* strings.
I close the issue.
--
Modules/getpath.c should be rewritten without global MAXPATHLEN limit. I rewrote the code to avoid global variables and pass buffer lengths in some functions. It's better but not perfect yet :-))

History
Date	User	Action	Args
2019年02月25日 10:10:23	vstinner	set	recipients: + vstinner, hfuru
2019年02月25日 10:10:23	vstinner	set	messageid: <1551089423.86.0.432533309006.issue10308@roundup.psfhosted.org>
2019年02月25日 10:10:23	vstinner	link	issue10308 messages
2019年02月25日 10:10:23	vstinner	create

homepage