classification
Title: memcpy writes to wrong destination
Type: Stage: resolved
Components: Extension Modules Versions: Python 3.10, Python 3.9, Python 3.8
process
Status: closed Resolution: not a bug
Dependencies: Superseder:
Assigned To: Nosy List: drewbenn, josh.r, serhiy.storchaka
Priority: normal Keywords:

Created on 2021-03-02 04:06 by drewbenn, last changed 2021-03-03 02:56 by josh.r. This issue is now closed.

Messages (3)
msg387899 - (view) Author: (drewbenn) Date: 2021-03-02 04:06
In Modules/_functoolsmodule.c's partial_vectorcall(), there are two consecutive memcpys:

    memcpy(stack, pto_args, pto_nargs * sizeof(PyObject*));
    memcpy(stack + pto_nargs, args, nargs_total * sizeof(PyObject*));

The second should copy to `stack + pto_nargs * sizeof(PyObject*)`. As-is, the code will work correctly unless both `pto_nargs` and `nargs_total` are non-zero.
msg387913 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2021-03-02 11:18
The code looks correct to me. Note that the stack variable has type PyObject**, so stack + pto_nargs is equal to (PyObject**)((char *)stack + pto_nargs*sizeof(PyObject*)).

Did I missed something?
msg387994 - (view) Author: Josh Rosenberg (josh.r) * (Python triager) Date: 2021-03-03 02:56
Agreed, stack is a PyObject**, so adding an integer (pto_nargs) to the pointer (stack) is implicitly by multiples of sizeof(PyObject*). This is how pointer arithmetic works in all versions of C I'm aware of. The code is correct.
History
Date User Action Args
2021-03-03 02:56:46josh.rsetstatus: open -> closed

nosy: + josh.r
messages: + msg387994

resolution: not a bug
stage: resolved
2021-03-02 11:18:41serhiy.storchakasetnosy: + serhiy.storchaka
messages: + msg387913
2021-03-02 04:06:12drewbenncreate