Author christian.heimes
Recipients christian.heimes
Date 2012-09-10.16:09:45
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
In Python/sysmodule.c the function sys_update_path() uses wcscpy to copy data to a fixed size buffer. The input comes from an external source (argv[0]) and could theoretically be larger than the buffer.

Suggested solution:
Increase the buffer a bit:

    wchar_t argv0copy[sizeof(wchar_t)* (MAXPATHLEN+1)];

and use wcsncpy:

    wcsncpy(argv0copy, argv0, MAXPATHLEN);
    argv0copy[MAXPATHLEN] = L'\0';

CID 486850
Date User Action Args
2012-09-10 16:09:46christian.heimessetrecipients: + christian.heimes
2012-09-10 16:09:46christian.heimessetmessageid: <>
2012-09-10 16:09:46christian.heimeslinkissue15905 messages
2012-09-10 16:09:45christian.heimescreate