This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author Alexander Riccio
Recipients Alexander Riccio, larry, paul.moore, steve.dower, tim.golden, zach.ware
Date 2015-12-12.05:01:28
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1449896489.9.0.639940283646.issue25846@psf.upfronthosting.co.za>
In-reply-to
Content 
I found this while writing up a separate bug (CPython doesn't use static analysis!).

In modules/posixmodule.c, win32_wchdir uses Py_ARRAY_LENGTH on a wchar_t*:

    wchar_t _new_path[MAX_PATH], *new_path = _new_path;
    int result;
    wchar_t env[4] = L"=x:";

    if(!SetCurrentDirectoryW(path))
        return FALSE;
    result = GetCurrentDirectoryW(Py_ARRAY_LENGTH(new_path), new_path);


...instead of using Py_ARRAY_LENGTH(_new_path), the programmer wrote Py_ARRAY_LENGTH(new_path), doesn't work on pointers:

/* Get the number of elements in a visible array

   This does not work on pointers, or arrays declared as [], or function
   parameters. With correct compiler support, such usage will cause a build
   error (see Py_BUILD_ASSERT_EXPR).

   Written by Rusty Russell, public domain, http://ccodearchive.net/
*/
#define Py_ARRAY_LENGTH(array) \
    (sizeof(array) / sizeof((array)[0]))


The same issue occurs two lines later:

    if (result > Py_ARRAY_LENGTH(new_path)) {



Compiling with /analyze found this quite easily:

c:\pythondev\repo\modules\posixmodule.c(1354): warning C6384: Dividing sizeof a pointer by another value.
History
Date User Action Args
2015-12-12 05:01:29Alexander Ricciosetrecipients: + Alexander Riccio, paul.moore, larry, tim.golden, zach.ware, steve.dower
2015-12-12 05:01:29Alexander Ricciosetmessageid: <1449896489.9.0.639940283646.issue25846@psf.upfronthosting.co.za>
2015-12-12 05:01:29Alexander Ricciolinkissue25846 messages
2015-12-12 05:01:28Alexander Ricciocreate