https://github.com/python/cpython/commit/dec39716ca93ee2e8d9b94915ece33014eb... commit: dec39716ca93ee2e8d9b94915ece33014eb58e9e branch: master author: Victor Stinner <vstinner@python.org> committer: GitHub <noreply@github.com> date: 2019-09-30T14:49:34+02:00 summary: bpo-38322: Fix gotlandmark() of PC/getpathp.c (GH-16489) Write the filename into a temporary buffer instead of reusing prefix. The problem is that join() modifies prefix inplace. If prefix is not normalized, join() can make prefix shorter and so gotlandmark() does modify prefix instead of returning it unmodified. files: M PC/getpathp.c diff --git a/PC/getpathp.c b/PC/getpathp.c index 8bac592aefdb..04f24d986f66 100644 --- a/PC/getpathp.c +++ b/PC/getpathp.c @@ -315,15 +315,13 @@ canonicalize(wchar_t *buffer, const wchar_t *path) 'prefix' is null terminated in bounds. join() ensures 'landmark' can not overflow prefix if too long. */ static int -gotlandmark(wchar_t *prefix, const wchar_t *landmark) +gotlandmark(const wchar_t *prefix, const wchar_t *landmark) { - int ok; - Py_ssize_t n = wcsnlen_s(prefix, MAXPATHLEN); - - join(prefix, landmark); - ok = ismodule(prefix, FALSE); - prefix[n] = '\0'; - return ok; + wchar_t filename[MAXPATHLEN+1]; + memset(filename, 0, sizeof(filename)); + wcscpy_s(filename, Py_ARRAY_LENGTH(filename), prefix); + join(filename, landmark); + return ismodule(filename, FALSE); }