Issue #15905: Fix theoretical buffer overflow in handling of sys.argv[0],
prefix and exec_prefix if the operation system does not obey MAXPATHLEN.
diff --git a/Python/sysmodule.c b/Python/sysmodule.c
index 20bfa55..edd6649 100644
--- a/Python/sysmodule.c
+++ b/Python/sysmodule.c
@@ -1856,10 +1856,11 @@
if (q == NULL)
argv0 = link; /* argv0 without path */
else {
- /* Must make a copy */
- wcscpy(argv0copy, argv0);
+ /* Must make a copy, argv0copy has room for 2 * MAXPATHLEN */
+ wcsncpy(argv0copy, argv0, MAXPATHLEN);
q = wcsrchr(argv0copy, SEP);
- wcscpy(q+1, link);
+ wcsncpy(q+1, link, MAXPATHLEN);
+ q[MAXPATHLEN + 1] = L'\0';
argv0 = argv0copy;
}
}