[issue1298813] sysmodule.c: realpath() is unsafe
report at bugs.python.org
Sun Aug 21 01:56:59 CEST 2011
Antoine Pitrou <pitrou at free.fr> added the comment:
The latest POSIX versions (*) allow NULL to be passed for the target memory area, meaning that realpath() will allocate as much memory as necessary by itself. This essentially does the same thing as canonicalize_file_name(), but in a standard way rather than by relying on a GNU extension.
I suppose that possibility could be checked at configure time.
stage: test needed -> needs patch
versions: +Python 3.3
Python tracker <report at bugs.python.org>
More information about the Python-bugs-list