[New-bugs-announce] [issue41524] PyOS_mystricmp advances pointers too far

William Meehan report at bugs.python.org
Tue Aug 11 18:01:38 EDT 2020

New submission from William Meehan <wmeehan at fb.com>:

The existing implementation of PyOS_mystricmp increments both pointers as long as the first string hasn't reached the end yet. If the second string ends first, then we increment past the null byte. If there is a difference in the middle of the two strings, then the result actually compares the following pair of letters.

PyOS_mystricmp("a", "\0") => 0 (should be positive)
PyOS_mystricmp("foo", "fro") => 0 (should be negative)

Similarly, PyOS_mystrnicmp increments the pointers in a condition before breaking out of the loop. It's possible to increment the first pointer without incrementing the second, and the result is the character past the null byte.

PyOS_mystrnicmp("\0a", "\0b", 2) => 97 (should be negative)

components: C API
messages: 375203
nosy: wmeehan
priority: normal
severity: normal
status: open
title: PyOS_mystricmp advances pointers too far
type: behavior
versions: Python 3.10, Python 3.5, Python 3.6, Python 3.7, Python 3.8, Python 3.9

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list