From: Gregory P. Smith <greg@krypto.org>
Date: Mon, 22 Jun 2020 07:27:20 +0000 (-0700)
Subject: bpo-41056: Fix reference to deallocated stack in pathconfig (Coverity) (GH-21013)
X-Git-Tag: v3.10.0a1~563
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=81328f30703bd7225e7e73aedb0994a7293ce190;p=thirdparty%2FPython%2Fcpython.git

bpo-41056: Fix reference to deallocated stack in pathconfig (Coverity) (GH-21013)



Reported by Coverity.  (CID 1457554 RETURN_LOCAL)

path0 is assigned as a pointer to this right before it goes out of scope.
---

diff --git a/Misc/NEWS.d/next/Core and Builtins/2020-06-21-19-53-33.bpo-41056.IDu_EK.rst b/Misc/NEWS.d/next/Core and Builtins/2020-06-21-19-53-33.bpo-41056.IDu_EK.rst
new file mode 100644
index 000000000000..25f93c9da310
--- /dev/null
+++ b/Misc/NEWS.d/next/Core and Builtins/2020-06-21-19-53-33.bpo-41056.IDu_EK.rst	
@@ -0,0 +1 @@
+Fixes a reference to deallocated stack space during startup when constructing sys.path involving a relative symlink when code was supplied via -c.  (discovered via Coverity)
\ No newline at end of file
diff --git a/Python/pathconfig.c b/Python/pathconfig.c
index fe3ac3ee3d81..5c38041d7667 100644
--- a/Python/pathconfig.c
+++ b/Python/pathconfig.c
@@ -686,6 +686,7 @@ _PyPathConfig_ComputeSysPath0(const PyWideStringList *argv, PyObject **path0_p)
 #ifdef HAVE_READLINK
     wchar_t link[MAXPATHLEN + 1];
     int nr = 0;
+    wchar_t path0copy[2 * MAXPATHLEN + 1];
 
     if (have_script_arg) {
         nr = _Py_wreadlink(path0, link, Py_ARRAY_LENGTH(link));
@@ -708,7 +709,6 @@ _PyPathConfig_ComputeSysPath0(const PyWideStringList *argv, PyObject **path0_p)
             }
             else {
                 /* Must make a copy, path0copy has room for 2 * MAXPATHLEN */
-                wchar_t path0copy[2 * MAXPATHLEN + 1];
                 wcsncpy(path0copy, path0, MAXPATHLEN);
                 q = wcsrchr(path0copy, SEP);
                 wcsncpy(q+1, link, MAXPATHLEN);