author | Andy Clayton <q3aiml@gmail.com> | 2020-03-24 23:32:52 -0500 |
---|---|---|
committer | Martin Michlmayr <tbm@cyrius.com> | 2020-03-26 06:52:33 +0800 |
commit | 8e67a3f09cb4be58ad69f36a20b5de145a1d79f4 (patch) | |
tree | f89d674e4b00597e8c164802b884bf38d3edd804 | |
parent | 27387dabed935c0b9185e7a4d11c36d672213f4a (diff) | |
fix python3 command (argv) wchar_t conversion
Ensure strings passed to Py_Main have a terminating null character by
including the extra character allocated for terminating null in the size
passed to mbstowcs.
Fix argv index so all arguments are not copied to argv[0]. Fixes
potential buffer overflow due to passing argv[0] as destination with
argv[i + 1] src and size to mbstowcs.
-rw-r--r-- | src/pyinterp.cc | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/src/pyinterp.cc b/src/pyinterp.cc
index 9ae37687..aeafd2bd 100644
--- a/src/pyinterp.cc
+++ b/src/pyinterp.cc
@@ -331,13 +331,15 @@ value_t python_interpreter_t::python_command(call_scope_t& args)
 #if PY_MAJOR_VERSION >= 3
 wchar_t ** argv = new wchar_t *[args.size() + 1];
- argv[0] = new wchar_t[std::strlen(argv0) + 1];
- mbstowcs(argv[0], argv0, std::strlen(argv0));
+ std::size_t len = std::strlen(argv0) + 1;
+ argv[0] = new wchar_t[len];
+ mbstowcs(argv[0], argv0, len);
 for (std::size_t i = 0; i < args.size(); i++) {
 string arg = args.get<string>(i);
- argv[i + 1] = new wchar_t[arg.length() + 1];
- mbstowcs(argv[0], arg.c_str(), std::strlen(arg.c_str()));
+ std::size_t len = arg.length() + 1;
+ argv[i + 1] = new wchar_t[len];
+ mbstowcs(argv[i + 1], arg.c_str(), len);
 }
 #else
 char ** argv = new char *[args.size() + 1]; |
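Review bot: The return value of both `mbstowcs` calls is still ignored, so the terminator this commit sets out to guarantee is only guaranteed when conversion succeeds. If `argv0` or an argument is not a valid multibyte sequence in the current locale, `mbstowcs` returns `(size_t)-1` and the freshly allocated, uninitialised `wchar_t` buffer may be left unterminated before it reaches Py_Main. I would value-initialise the buffers, `argv[i + 1] = new wchar_t[len]();`, and reject a failed conversion with a check such as `if (mbstowcs(argv[i + 1], arg.c_str(), len) == static_cast<std::size_t>(-1))`, applying the same to the `argv[0]` conversion. As a style point, the `len` declared inside the loop shadows the outer `len`; distinct names would read more clearly. The body of python_command continues outside this hunk, so how `argv` is released is not visible here.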