Issue #15905: Fix theoretical buffer overflow in handling of sys.argv[0],

prefix and exec_prefix if the operation system does not obey MAXPATHLEN.
2025-07-19 09:15:34 +00:00 · 2013-07-22 12:53:32 +02:00 · 2013-07-22 12:53:32 +02:00 · 60a6067709
commit 60a6067709
parent 37c916dd18
3 changed files with 19 additions and 7 deletions
--- a/Python/sysmodule.c
+++ b/Python/sysmodule.c
@ -1856,10 +1856,11 @@ sys_update_path(int argc, wchar_t **argv)
            if (q == NULL)
                argv0 = link; /* argv0 without path */
            else {
-                /* Must make a copy */
-                wcscpy(argv0copy, argv0);
+                /* Must make a copy, argv0copy has room for 2 * MAXPATHLEN */
+                wcsncpy(argv0copy, argv0, MAXPATHLEN);
                q = wcsrchr(argv0copy, SEP);
-                wcscpy(q+1, link);
+                wcsncpy(q+1, link, MAXPATHLEN);
+                q[MAXPATHLEN + 1] = L'\0';
                argv0 = argv0copy;
            }
        }