Message256260
I found this while writing up a separate bug (CPython doesn't use static analysis!).
In modules/posixmodule.c, win32_wchdir uses Py_ARRAY_LENGTH on a wchar_t*:
    wchar_t _new_path[MAX_PATH], *new_path = _new_path;
    int result;
    wchar_t env[4] = L"=x:";
    if(!SetCurrentDirectoryW(path))
        return FALSE;
    result = GetCurrentDirectoryW(Py_ARRAY_LENGTH(new_path), new_path);
...instead of using Py_ARRAY_LENGTH(_new_path), the programmer wrote Py_ARRAY_LENGTH(new_path), which doesn't work on pointers:
    /* Get the number of elements in a visible array
       This does not work on pointers, or arrays declared as [], or function
       parameters. With correct compiler support, such usage will cause a build
       error (see Py_BUILD_ASSERT_EXPR).
       Written by Rusty Russell, public domain, http://ccodearchive.net/
    */
    #define Py_ARRAY_LENGTH(array) \
        (sizeof(array) / sizeof((array)[0]))
The same issue occurs two lines later:
    if (result > Py_ARRAY_LENGTH(new_path)) {
Compiling with /analyze found this quite easily:
    c:\pythondev\repo\modules\posixmodule.c(1354): warning C6384: Dividing sizeof a pointer by another value.

Date | User | Action | Args
2015-12-12 05:01:29 | Alexander Riccio | set | recipients: + Alexander Riccio, paul.moore, larry, tim.golden, zach.ware, steve.dower
2015-12-12 05:01:29 | Alexander Riccio | set | messageid: <1449896489.9.0.639940283646.issue25846@psf.upfronthosting.co.za>
2015-12-12 05:01:29 | Alexander Riccio | link | issue25846 messages
2015-12-12 05:01:28 | Alexander Riccio | create |
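
Added example, not part of the original message and not CPython code: a portable C sketch of the sizeof-on-a-pointer pattern reported above, showing the buffer length the API call is actually given and a length macro that refuses pointers at build time. DEMO_MAX_PATH, DEMO_CWD, demo_get_cwd, IS_ARRAY and CHECKED_LENGTH are hypothetical names; the guard assumes the GCC/Clang __builtin_types_compatible_p extension, and demo_get_cwd only imitates GetCurrentDirectoryW's return convention.

```c
#include <stddef.h>
#include <stdio.h>
#include <wchar.h>

#define DEMO_MAX_PATH 260   /* stand-in for MAX_PATH so this builds off Windows */
/* Same expression as the Py_ARRAY_LENGTH definition quoted in the message. */
#define NAIVE_LENGTH(a) (sizeof(a) / sizeof((a)[0]))
/* GCC/Clang extension: 1 for a true array, 0 for a pointer. */
#define IS_ARRAY(a) \
    (!__builtin_types_compatible_p(__typeof__(a), __typeof__(&(a)[0])))
/* Hypothetical guarded variant: char[-1] is a build error when given a pointer. */
#define CHECKED_LENGTH(a) \
    (NAIVE_LENGTH(a) + 0 * sizeof(char[IS_ARRAY(a) ? 1 : -1]))

static const wchar_t DEMO_CWD[] = L"C:\\work\\project";  /* constructed sample */

/* Hypothetical stand-in following GetCurrentDirectoryW's return contract:
   chars written (no NUL) on success, required size (with NUL) if too small. */
static size_t demo_get_cwd(size_t n, wchar_t *buf)
{
    size_t need = wcslen(DEMO_CWD) + 1;
    if (n < need)
        return need;
    wmemcpy(buf, DEMO_CWD, need);
    return need - 1;
}

/* The pattern from the message: length taken from the pointer alias. */
size_t buggy_length(void)
{
    wchar_t _new_path[DEMO_MAX_PATH], *new_path = _new_path;
    return NAIVE_LENGTH(new_path);   /* sizeof(wchar_t *) / sizeof(wchar_t) */
}
size_t buggy_call(void)
{
    wchar_t _new_path[DEMO_MAX_PATH], *new_path = _new_path;
    return demo_get_cwd(NAIVE_LENGTH(new_path), new_path);
}
/* Length taken from the array; CHECKED_LENGTH(new_path) would not compile. */
size_t fixed_call(void)
{
    wchar_t _new_path[DEMO_MAX_PATH], *new_path = _new_path;
    return demo_get_cwd(CHECKED_LENGTH(_new_path), new_path);
}
int main(void)
{
    printf("buggy length=%zu call=%zu, fixed call=%zu\n",
           buggy_length(), buggy_call(), fixed_call());
    return 0;
}
```

The pointer form understates the buffer to a handful of elements rather than overstating it, so the call reports the path as not fitting even though the 260-element array had room.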