From e5ac891c773f8893136b97a9a2c242a369ae6353 Mon Sep 17 00:00:00 2001 From: Max Bachmann Date: Sun, 26 Feb 2023 14:35:53 +0100 Subject: [PATCH 1/3] fix potential nullptr dereference + use of uninitialized memory --- Python/fileutils.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/Python/fileutils.c b/Python/fileutils.c index 897c2f9f4ea160..a236048b5cf246 100644 --- a/Python/fileutils.c +++ b/Python/fileutils.c @@ -2158,7 +2158,10 @@ _Py_join_relfile(const wchar_t *dirname, const wchar_t *relfile) } assert(wcslen(dirname) < MAXPATHLEN); assert(wcslen(relfile) < MAXPATHLEN - wcslen(dirname)); - join_relfile(filename, bufsize, dirname, relfile); + if (join_relfile(filename, bufsize, dirname, relfile) < 0) { + PyMem_RawFree(filename); + return NULL; + } return filename; } @@ -2196,7 +2199,7 @@ _Py_find_basename(const wchar_t *filename) wchar_t * _Py_normpath(wchar_t *path, Py_ssize_t size) { - if (!path[0] || size == 0) { + if (path == NULL || !path[0] || size == 0) { return path; } wchar_t *pEnd = size >= 0 ? &path[size] : NULL; From 2350baf2371100adadc729154e90c82b57750f4f Mon Sep 17 00:00:00 2001 From: "blurb-it[bot]" <43283697+blurb-it[bot]@users.noreply.github.com> Date: Thu, 2 Mar 2023 13:49:22 +0000 Subject: [PATCH 2/3] =?UTF-8?q?=F0=9F=93=9C=F0=9F=A4=96=20Added=20by=20blu?= =?UTF-8?q?rb=5Fit.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../2023-03-02-13-49-21.gh-issue-102281.QCuu2N.rst | 1 + 1 file changed, 1 insertion(+) create mode 100644 Misc/NEWS.d/next/Core and Builtins/2023-03-02-13-49-21.gh-issue-102281.QCuu2N.rst diff --git a/Misc/NEWS.d/next/Core and Builtins/2023-03-02-13-49-21.gh-issue-102281.QCuu2N.rst b/Misc/NEWS.d/next/Core and Builtins/2023-03-02-13-49-21.gh-issue-102281.QCuu2N.rst new file mode 100644 index 00000000000000..b0269dd3d92bd5 --- /dev/null +++ b/Misc/NEWS.d/next/Core and Builtins/2023-03-02-13-49-21.gh-issue-102281.QCuu2N.rst @@ -0,0 +1 @@ +Fix potential nullptr dereference and use of uninitialized memory in fileutils. Patch by Max Bachmann. From 650b7e3a36ab9b917d2e721b957ee41083000286 Mon Sep 17 00:00:00 2001 From: Max Bachmann Date: Wed, 15 Mar 2023 00:31:38 +0100 Subject: [PATCH 3/3] apply code review --- Modules/getpath.c | 5 ++++- Python/fileutils.c | 3 ++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/Modules/getpath.c b/Modules/getpath.c index 13db010649fed8..d17ddbfca9ab2d 100644 --- a/Modules/getpath.c +++ b/Modules/getpath.c @@ -447,7 +447,10 @@ getpath_realpath(PyObject *Py_UNUSED(self) , PyObject *args) if (s) { *s = L'\0'; } - path2 = _Py_normpath(_Py_join_relfile(path, resolved), -1); + path2 = _Py_join_relfile(path, resolved); + if (path2) { + path2 = _Py_normpath(path2, -1); + } PyMem_RawFree((void *)path); path = path2; } diff --git a/Python/fileutils.c b/Python/fileutils.c index a236048b5cf246..1da6a6691f4271 100644 --- a/Python/fileutils.c +++ b/Python/fileutils.c @@ -2199,7 +2199,8 @@ _Py_find_basename(const wchar_t *filename) wchar_t * _Py_normpath(wchar_t *path, Py_ssize_t size) { - if (path == NULL || !path[0] || size == 0) { + assert(path != NULL); + if (!path[0] || size == 0) { return path; } wchar_t *pEnd = size >= 0 ? &path[size] : NULL;