Author serhiy.storchaka
Recipients ezio.melotti, serhiy.storchaka, steve.dower, vstinner
Date 2017-06-20.04:38:09
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1497933490.61.0.851016867821.issue30708@psf.upfronthosting.co.za>
In-reply-to
Content
The second parameter of the PyUnicode_AsWideCharString() function

    wchar_t* PyUnicode_AsWideCharString(PyObject *unicode, Py_ssize_t *size)

is a pointer to Py_ssize_t. The size of created wchar_t array is saved on this pointer if it is not NULL. If NULL is passed as the second argument, the only way to determine the size of the wchar_t string is using wcslen(). But if the string contains the null characters, it looks truncated for wcslen() and other C API functions.

Reliable code should always pass the non-NULL second argument and check that wcslen() is equal to the returned string size. See for example the code in Modules/_io/winconsoleio.c. Passing NULL as the second argument is unsafe. But most code doesn't do such check (see all other usages of PyUnicode_AsWideCharString(..., NULL)). And this check complicates the callers code.

I propose to make the check for null characters inside of PyUnicode_AsWideCharString() if NULL is passes as the second argument. This will fix all unsafe usages of PyUnicode_AsWideCharString() and allow to simplify the reliable code.

This issue fixes the part of issue13617.
History
Date User Action Args
2017-06-20 04:38:10serhiy.storchakasetrecipients: + serhiy.storchaka, vstinner, ezio.melotti, steve.dower
2017-06-20 04:38:10serhiy.storchakasetmessageid: <1497933490.61.0.851016867821.issue30708@psf.upfronthosting.co.za>
2017-06-20 04:38:10serhiy.storchakalinkissue30708 messages
2017-06-20 04:38:09serhiy.storchakacreate