diff options
| author | Martin Panter <vadmium+py@gmail.com> | 2016-06-14 01:27:11 (GMT) |
|---|---|---|
| committer | Martin Panter <vadmium+py@gmail.com> | 2016-06-14 01:27:11 (GMT) |
| commit | bfb15ab71165ccdf65ed1243e80e7e293999f034 (patch) | |
| tree | e8b23233d40f4043e6d32e81406cb66c16d4a853 /Misc | |
| parent | f00c49df10f04bf3b40c7d91efb8204068524d8f (diff) | |
| download | cpython-bfb15ab71165ccdf65ed1243e80e7e293999f034.zip cpython-bfb15ab71165ccdf65ed1243e80e7e293999f034.tar.gz cpython-bfb15ab71165ccdf65ed1243e80e7e293999f034.tar.bz2 | |
Issue #22636: avoid using a shell in the ctypes.util module
Replace os.popen() with subprocess.Popen. Based on patch by Victor Stinner.
If the "gcc", "cc" or "objdump" command is not available, the code was
supposed to raise an OSError exception. But there was a bug in the code. The
shell code returns the exit code 10 if the required command is missing, and the
code tries to check for the status 10. The problem is that os.popen() doesn't
return the exit code directly, but a status which should be processed by
os.WIFEXITED() and os.WEXITSTATUS(). In practice, the exception was never
raised. The OSError exception was not documented and ctypes.util.find_library()
is expected to return None if the library is not found.
Diffstat (limited to 'Misc')
| -rw-r--r-- | Misc/NEWS | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -13,6 +13,9 @@ Core and Builtins Library ------- +- Issue #22636: Avoid shell injection problems with + ctypes.util.find_library(). + - Issue #16182: Fix various functions in the "readline" module to use the locale encoding, and fix get_begidx() and get_endidx() to return code point indexes. |