summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorAndy Clayton <q3aiml@gmail.com>2020-03-24 23:32:52 -0500
committerMartin Michlmayr <tbm@cyrius.com>2020-03-26 06:52:33 +0800
commit8e67a3f09cb4be58ad69f36a20b5de145a1d79f4 (patch)
treef89d674e4b00597e8c164802b884bf38d3edd804 /src
parent27387dabed935c0b9185e7a4d11c36d672213f4a (diff)
downloadfork-ledger-8e67a3f09cb4be58ad69f36a20b5de145a1d79f4.tar.gz
fork-ledger-8e67a3f09cb4be58ad69f36a20b5de145a1d79f4.tar.bz2
fork-ledger-8e67a3f09cb4be58ad69f36a20b5de145a1d79f4.zip
fix python3 command (argv) wchar_t conversion
Ensure strings passed to Py_Main have a terminating null character by including the extra character allocated for terminating null in the size passed to mbstowcs. Fix argv index so all arguments are not copied to argv[0]. Fixes potential buffer overflow due to passing argv[0] as destination with argv[i + 1] src and size to mbstowcs.
Diffstat (limited to 'src')
-rw-r--r--src/pyinterp.cc10
1 files changed, 6 insertions, 4 deletions
diff --git a/src/pyinterp.cc b/src/pyinterp.cc
index 9ae37687..aeafd2bd 100644
--- a/src/pyinterp.cc
+++ b/src/pyinterp.cc
@@ -331,13 +331,15 @@ value_t python_interpreter_t::python_command(call_scope_t& args)
#if PY_MAJOR_VERSION >= 3
wchar_t ** argv = new wchar_t *[args.size() + 1];
- argv[0] = new wchar_t[std::strlen(argv0) + 1];
- mbstowcs(argv[0], argv0, std::strlen(argv0));
+ std::size_t len = std::strlen(argv0) + 1;
+ argv[0] = new wchar_t[len];
+ mbstowcs(argv[0], argv0, len);
for (std::size_t i = 0; i < args.size(); i++) {
string arg = args.get<string>(i);
- argv[i + 1] = new wchar_t[arg.length() + 1];
- mbstowcs(argv[0], arg.c_str(), std::strlen(arg.c_str()));
+ std::size_t len = arg.length() + 1;
+ argv[i + 1] = new wchar_t[len];
+ mbstowcs(argv[i + 1], arg.c_str(), len);
}
#else
char ** argv = new char *[args.size() + 1];