New submission from Alexander Riccio:

I found this while writing up a separate bug (CPython doesn't use static analysis!).

In modules/posixmodule.c, win32_wchdir uses Py_ARRAY_LENGTH on a wchar_t*:

    wchar_t _new_path[MAX_PATH], *new_path = _new_path;
    int result;
    wchar_t env[4] = L"=x:";

    if(!SetCurrentDirectoryW(path))
        return FALSE;
    result = GetCurrentDirectoryW(Py_ARRAY_LENGTH(new_path), new_path);

...instead of using Py_ARRAY_LENGTH(_new_path), the programmer wrote Py_ARRAY_LENGTH(new_path), which doesn't work on pointers:

    /* Get the number of elements in a visible array

       This does not work on pointers, or arrays declared as [], or function
       parameters. With correct compiler support, such usage will cause a build
       error (see Py_BUILD_ASSERT_EXPR).

       Written by Rusty Russell, public domain, http://ccodearchive.net/ */
    #define Py_ARRAY_LENGTH(array) \
        (sizeof(array) / sizeof((array)[0]))

The same issue occurs two lines later:

    if (result > Py_ARRAY_LENGTH(new_path)) {

Compiling with /analyze found this quite easily:

    c:\pythondev\repo\modules\posixmodule.c(1354): warning C6384: Dividing sizeof a pointer by another value.

----------
components: Windows
messages: 256260
nosy: Alexander Riccio, larry, paul.moore, steve.dower, tim.golden, zach.ware
priority: normal
severity: normal
status: open
title: Use of Py_ARRAY_LENGTH on pointer in posixmodule.c, win32_wchdir

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue25846>
_______________________________________
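
The following is an added example, not code from the report or from CPython. It reproduces the length miscalculation portably and shows a build-time guard for GCC/Clang. DEMO_MAX_PATH, LEN_UNCHECKED, LEN_CHECKED, demo_get_cwd and the sample path are hypothetical names and values; demo_get_cwd is a stand-in that follows GetCurrentDirectoryW's documented return-value contract.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <wchar.h>

#define DEMO_MAX_PATH 260 /* value of Windows MAX_PATH, defined here for portability */
#define LEN_UNCHECKED(a) (sizeof(a) / sizeof((a)[0])) /* form quoted in the report */

/* Hypothetical checked form: adds 0 for a real array, and fails the build with
   a negative array size when `a` is a pointer (GCC/Clang builtins only). */
#if defined(__GNUC__)
#define LEN_CHECKED(a) (LEN_UNCHECKED(a) + 0 * sizeof(char[1 - 2 * \
    __builtin_types_compatible_p(__typeof__(a), __typeof__(&(a)[0]))]))
#else
#define LEN_CHECKED(a) LEN_UNCHECKED(a)
#endif

/* Constructed stand-in: if the buffer fits, copy and return the length without
   the terminator; otherwise return the required size including it. */
static size_t demo_get_cwd(size_t buflen, wchar_t *buf, const wchar_t *cwd) {
    size_t need = wcslen(cwd) + 1;
    if (buflen < need) return need;
    memcpy(buf, cwd, need * sizeof(wchar_t));
    return need - 1;
}

/* The pattern from the report: element count taken from the pointer. */
size_t pointer_length(void) {
    wchar_t _new_path[DEMO_MAX_PATH], *new_path = _new_path;
    return LEN_UNCHECKED(new_path); /* sizeof(wchar_t *) / sizeof(wchar_t) */
}

/* Element count taken from the array itself. */
size_t array_length(void) {
    wchar_t _new_path[DEMO_MAX_PATH];
    return LEN_CHECKED(_new_path); /* LEN_CHECKED(new_path) would not compile */
}

/* 1 when the call reports the buffer as too small for the claimed length. */
int reported_too_small(size_t claimed_len, const wchar_t *cwd) {
    wchar_t buf[DEMO_MAX_PATH];
    size_t usable = claimed_len < DEMO_MAX_PATH ? claimed_len : DEMO_MAX_PATH;
    return demo_get_cwd(usable, buf, cwd) > claimed_len;
}

int main(void) {
    const wchar_t *cwd = L"C:\\pythondev\\repo"; /* constructed sample path */
    printf("pointer: %zu, too small: %d\n", pointer_length(), reported_too_small(pointer_length(), cwd));
    printf("array:   %zu, too small: %d\n", array_length(), reported_too_small(array_length(), cwd));
    return 0;
}
```

GCC and Clang report the unchecked division with -Wsizeof-pointer-div, the counterpart of the C6384 warning quoted in the report.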