Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

memory access before short string when checking suffix #48095

Closed
doko42 opened this issue Sep 12, 2008 · 2 comments
Closed

memory access before short string when checking suffix #48095

doko42 opened this issue Sep 12, 2008 · 2 comments
Assignees
@doko42
Labels
interpreter-core (Objects, Python, Grammar, and Parser dirs)

Comments

@doko42
Copy link
Member

doko42 commented Sep 12, 2008

BPO 3845
Nosy @doko42

Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

Show more details

GitHub fields:

assignee = 'https://github.com/doko42'
closed_at = <Date 2009-04-04.14:34:04.530>
created_at = <Date 2008-09-12.12:11:40.927>
labels = ['interpreter-core']
title = 'memory access before short string when checking suffix'
updated_at = <Date 2009-04-04.14:34:04.433>
user = 'https://github.com/doko42'

bugs.python.org fields:

activity = <Date 2009-04-04.14:34:04.433>
actor = 'doko'
assignee = 'doko'
closed = True
closed_date = <Date 2009-04-04.14:34:04.530>
closer = 'doko'
components = ['Interpreter Core']
creation = <Date 2008-09-12.12:11:40.927>
creator = 'doko'
dependencies = []
files = []
hgrepos = []
issue_num = 3845
keywords = []
message_count = 2.0
messages = ['73083', '85397']
nosy_count = 2.0
nosy_names = ['doko', 'ralph.corderoy']
pr_nums = []
priority = 'normal'
resolution = 'fixed'
stage = None
status = 'closed'
superseder = None
type = None
url = 'https://bugs.python.org/issue3845'
versions = ['Python 2.6', 'Python 2.5']
@doko42
Copy link
Member Author

doko42 commented Sep 12, 2008

forwarded from https://launchpad.net/bugs/234798

Bug reporter writes:

Python/pythonrun.c's PyRun_SimpleFileExFlags() assumes the filename's
extension
starts four characters back from the end. But what if the filename is
only one
character long? Memory before the filename is referenced which is probably
outside the memory allocated for the string. Here's the relevant bits of
code,
boring lines deleted.

    int
    PyRun_SimpleFileExFlags(FILE *fp, const char *filename, int closeit,
                            PyCompilerFlags *flags)
    {
        ext = filename + strlen(filename) - 4;
        if (maybe_pyc_file(fp, filename, ext, closeit)) {
            if (strcmp(ext, ".pyo") == 0)
                Py_OptimizeFlag = 1;
    }

    static int
    maybe_pyc_file(FILE *fp, const char* filename, const char* ext, int
closeit)
    {
        if (strcmp(ext, ".pyc") == 0 || strcmp(ext, ".pyo") == 0)
            return 1;
    }

A trivial solution is:

    len = strlen(filename);
    ext = filename + len - len > 4 ? 4 : 0;

This will make ext point to the NUL terminator unless filename has room
for the desired /\.py[co]$/ suffix *and* at least one character
beforehand, since I don't suppose it's intended that ".pyo" is a valid
pyo file.

@doko42 doko42 added the interpreter-core (Objects, Python, Grammar, and Parser dirs) label Sep 12, 2008
@doko42
Copy link
Member Author

doko42 commented Apr 4, 2009

fixed for 2.7, 2.6, 3.1

@doko42 doko42 closed this as completed Apr 4, 2009
@doko42 doko42 self-assigned this Apr 4, 2009
@ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@doko42 doko42

Labels
interpreter-core (Objects, Python, Grammar, and Parser dirs)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@doko42