bpo-41056: Fix reference to deallocated stack in pathconfig (Coverity) (GH-21013)

Reported by Coverity.  (CID 1457554 RETURN_LOCAL)

path0 is assigned as a pointer to this right before it goes out of scope.

diff --git a/Misc/NEWS.d/next/Core and Builtins/2020-06-21-19-53-33.bpo-41056.IDu_EK.rst b/Misc/NEWS.d/next/Core and Builtins/2020-06-21-19-53-33.bpo-41056.IDu_EK.rst
new file mode 100644 (file)
index 0000000..25f93c9
--- /dev/null
+++ b/Misc/NEWS.d/next/Core and Builtins/2020-06-21-19-53-33.bpo-41056.IDu_EK.rst
@@ -0,0 +1 @@
+Fixes a reference to deallocated stack space during startup when constructing sys.path involving a relative symlink when code was supplied via -c.  (discovered via Coverity)
\ No newline at end of file

diff --git a/Python/pathconfig.c b/Python/pathconfig.c
index fe3ac3ee3d8121cd5c336696c47397b528f15077..5c38041d7667bdb3df1607fde2d22d02bd36d211 100644 (file)
--- a/Python/pathconfig.c
+++ b/Python/pathconfig.c
@@ -686,6 +686,7 @@ _PyPathConfig_ComputeSysPath0(const PyWideStringList *argv, PyObject **path0_p)
 #ifdef HAVE_READLINK
     wchar_t link[MAXPATHLEN + 1];
     int nr = 0;
+    wchar_t path0copy[2 * MAXPATHLEN + 1];
 
     if (have_script_arg) {
         nr = _Py_wreadlink(path0, link, Py_ARRAY_LENGTH(link));
@@ -708,7 +709,6 @@ _PyPathConfig_ComputeSysPath0(const PyWideStringList *argv, PyObject **path0_p)
             }
             else {
                 /* Must make a copy, path0copy has room for 2 * MAXPATHLEN */
-                wchar_t path0copy[2 * MAXPATHLEN + 1];
                 wcsncpy(path0copy, path0, MAXPATHLEN);
                 q = wcsrchr(path0copy, SEP);
                 wcsncpy(q+1, link, MAXPATHLEN);