forwarded from https://launchpad.net/bugs/234798
Bug reporter writes:
Python/pythonrun.c's PyRun_SimpleFileExFlags() assumes the filename's
extension
starts four characters back from the end. But what if the filename is
only one
character long? Memory before the filename is referenced which is probably
outside the memory allocated for the string. Here's the relevant bits of
code,
boring lines deleted.
int
PyRun_SimpleFileExFlags(FILE *fp, const char *filename, int closeit,
PyCompilerFlags *flags)
{
ext = filename + strlen(filename) - 4;
if (maybe_pyc_file(fp, filename, ext, closeit)) {
if (strcmp(ext, ".pyo") == 0)
Py_OptimizeFlag = 1;
}
static int
maybe_pyc_file(FILE *fp, const char* filename, const char* ext, int
closeit)
{
if (strcmp(ext, ".pyc") == 0 || strcmp(ext, ".pyo") == 0)
return 1;
}
A trivial solution is:
len = strlen(filename);
ext = filename + len - len > 4 ? 4 : 0;
This will make ext point to the NUL terminator unless filename has room
for the desired /\.py[co]$/ suffix *and* at least one character
beforehand, since I don't suppose it's intended that ".pyo" is a valid
pyo file.
|