diff options
| -rw-r--r-- | Misc/NEWS | 1 | ||||
| -rw-r--r-- | Modules/_winapi.c | 14 |
2 files changed, 13 insertions, 2 deletions
@@ -13,6 +13,7 @@ Core and Builtins Library ------- +- Issue #23361: Fix possible overflow in Windows subprocess creation code. What's New in Python 3.4.3rc1? ============================== diff --git a/Modules/_winapi.c b/Modules/_winapi.c index b755178..d472c9e 100644 --- a/Modules/_winapi.c +++ b/Modules/_winapi.c @@ -535,13 +535,23 @@ getenvironment(PyObject* environment) "environment can only contain strings"); goto error; } + if (totalsize > PY_SSIZE_T_MAX - PyUnicode_GET_LENGTH(key) - 1) { + PyErr_SetString(PyExc_OverflowError, "environment too long"); + goto error; + } totalsize += PyUnicode_GET_LENGTH(key) + 1; /* +1 for '=' */ + if (totalsize > PY_SSIZE_T_MAX - PyUnicode_GET_LENGTH(value) - 1) { + PyErr_SetString(PyExc_OverflowError, "environment too long"); + goto error; + } totalsize += PyUnicode_GET_LENGTH(value) + 1; /* +1 for '\0' */ } - buffer = PyMem_Malloc(totalsize * sizeof(Py_UCS4)); - if (! buffer) + buffer = PyMem_NEW(Py_UCS4, totalsize); + if (! buffer) { + PyErr_NoMemory(); goto error; + } p = buffer; end = buffer + totalsize; |