Author Alexander Riccio
Recipients Alexander Riccio, paul.moore, steve.dower, tim.golden, vinay.sajip, zach.ware
Date 2015-12-12.04:33:26
Message-id <1449894807.83.0.191660385398.issue25844@psf.upfronthosting.co.za>
Content
I found this while writing up a separate bug (CPython doesn't use static analysis!).

In PC/launcher.c, get_env has a bug:

        /* Large environment variable. Accept some leakage */
        wchar_t *buf2 = (wchar_t*)malloc(sizeof(wchar_t) * (result+1));
        if (buf2 = NULL) {
            error(RC_NO_MEMORY, L"Could not allocate environment buffer");
        }
        GetEnvironmentVariableW(key, buf2, result);
        return buf2;

See: https://hg.python.org/cpython/file/tip/PC/launcher.c#l117


Instead of `buf2 == NULL`, Vinay Sajip wrote `buf2 = NULL`. The commit where the error was introduced: https://hg.python.org/cpython/rev/4123e002a1af

Thus, whatever value was in buf2 is lost, the branch is NOT taken (because buf2 evaluates to false), and GetEnvironmentVariableW will (probably) cause an access violation. 


Compiling with /analyze found this quite easily:

c:\pythondev\repo\pc\launcher.c(117): warning C6282: Incorrect operator:  assignment of constant in Boolean context. Consider using '==' instead.
History
Date                 User              Action  Args
2015-12-12 04:33:27  Alexander Riccio  set     recipients: + Alexander Riccio, paul.moore, vinay.sajip, tim.golden, zach.ware, steve.dower
2015-12-12 04:33:27  Alexander Riccio  set     messageid: <1449894807.83.0.191660385398.issue25844@psf.upfronthosting.co.za>
2015-12-12 04:33:27  Alexander Riccio  link    issue25844 messages
2015-12-12 04:33:26  Alexander Riccio  create
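
The corrected allocation check from the report above, as an added example (not CPython's code and not part of the original message). It is written as portable C: `env_lookup` is a hypothetical stand-in that follows GetEnvironmentVariableW's return contract, and the tiny `BUFSIZE`, the constructed sample value, the `alloc_fn` hook and the name `get_env_checked` are assumptions made so the large-value and out-of-memory paths can be exercised.

```c
#include <stdio.h>
#include <stdlib.h>
#include <wchar.h>

#define BUFSIZE 8  /* assumption: tiny, so the large-value path is exercised */

/* Constructed sample value, longer than BUFSIZE. */
static const wchar_t *sample_value = L"C:\\constructed\\long\\value";

/* Hypothetical stand-in with GetEnvironmentVariableW's return contract:
   0 = not found; chars copied (without NUL) on success; required size
   (with NUL) when the buffer is too small. */
static unsigned long env_lookup(const wchar_t *key, wchar_t *buf, unsigned long size)
{
    size_t len = wcslen(sample_value);
    if (wcscmp(key, L"SAMPLE") != 0) return 0;
    if (size <= len) return (unsigned long)len + 1;
    wmemcpy(buf, sample_value, len + 1);
    return (unsigned long)len;
}

/* Allocator hook (assumption) so the out-of-memory path can be forced. */
static void *(*alloc_fn)(size_t) = malloc;
static void *failing_alloc(size_t n) { (void)n; return NULL; }

static wchar_t *get_env_checked(const wchar_t *key)
{
    static wchar_t buf[BUFSIZE];
    unsigned long result = env_lookup(key, buf, BUFSIZE);
    if (result == 0) return NULL;      /* variable not set */
    if (result < BUFSIZE) return buf;  /* fits the static buffer */

    /* Large value: result already counts the terminating NUL. */
    wchar_t *buf2 = alloc_fn(sizeof(wchar_t) * result);
    /* '==' compares; '=' would null the pointer and never take the branch. */
    if (buf2 == NULL) return NULL;
    /* The value may change between calls, so check the second result too. */
    unsigned long got = env_lookup(key, buf2, result);
    if (got == 0 || got >= result) { free(buf2); return NULL; }
    return buf2;
}

int main(void)
{
    wchar_t *v = get_env_checked(L"SAMPLE");
    printf("large value: %ls\n", v ? v : L"(null)");
    free(v);
    alloc_fn = failing_alloc;
    printf("OOM path returns NULL: %d\n", get_env_checked(L"SAMPLE") == NULL);
    return 0;
}
```

GCC and Clang report the original `if (buf2 = NULL)` form under `-Wparentheses` (part of `-Wall`), the counterpart of the C6282 warning quoted in the report.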