New submission from Aidan Hobson Sayers:

Posix says the following on the subject of getenv:

> The returned string pointer might be invalidated or the string content might 
> be overwritten by a subsequent call to getenv()

(http://pubs.opengroup.org/onlinepubs/9699919799/functions/getenv.html)

Unfortunately, in Modules/getpath.c:

static void
calculate_path(void)
{
[...]
    char *_rtpypath = Py_GETENV("PYTHONPATH"); /* XXX use wide version on Windows */
    wchar_t *rtpypath = NULL;
    wchar_t *home = Py_GetPythonHome();
    char *_path = getenv("PATH");

So 3 potential getenv calls in quick succession, meaning _rtpypath and home can 
become junk before they get used and Python crashes before it can start up (it 
becomes unable to find the site module).

Unfortunately it looks like the assumption that getenv pointers will remain 
safe forever is used in a few places in Python.

Explicit notes on the correct use of getenv: 
https://www.securecoding.cert.org/confluence/display/seccode/ENV34-C.+Do+not+store+pointers+returned+by+certain+functions

Someone's apparently seen this before (but didn't report it?) - 
http://sourceforge.net/p/edk2/mailman/edk2-devel/thread/66bd57653246d24e9698b0a6509545a86ddb8...@orsmsx109.amr.corp.intel.com/

----------
components: Interpreter Core
messages: 229788
nosy: aidanhs
priority: normal
severity: normal
status: open
title: Posix getenv makes no guarantee of lifetime of returned string
type: crash
versions: Python 2.7, Python 3.2, Python 3.3, Python 3.4, Python 3.5, Python 3.6

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue22689>
_______________________________________
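
The copy-before-next-call pattern that ENV34-C recommends, as an added example (not CPython code and not part of the report). `reusing_getenv` is a hypothetical stand-in for a getenv() that overwrites one static buffer, which the POSIX wording quoted above allows; `env_dup`, `first_value_survives` and the sample values are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample environment (not real values). */
static const char *demo_env[][2] = {
    {"PYTHONPATH", "/opt/demo/lib"}, {"PATH", "/usr/bin:/bin"},
};

/* Hypothetical getenv(): every call returns the same static buffer, overwritten. */
static char *reusing_getenv(const char *name)
{
    static char buf[64];
    for (size_t i = 0; i < sizeof demo_env / sizeof demo_env[0]; i++) {
        if (strcmp(demo_env[i][0], name) != 0)
            continue;
        snprintf(buf, sizeof buf, "%s", demo_env[i][1]);
        return buf;
    }
    return NULL;
}

/* ENV34-C style: private copy taken before any later lookup; caller frees. */
static char *env_dup(char *(*get)(const char *), const char *name)
{
    const char *val = get(name);
    char *copy = val ? malloc(strlen(val) + 1) : NULL;
    if (copy != NULL)
        strcpy(copy, val);
    return copy;
}

/* Returns 1 if the first lookup still reads as its own value after a second. */
static int first_value_survives(int copy_first)
{
    char *first = copy_first ? env_dup(reusing_getenv, "PYTHONPATH")
                             : reusing_getenv("PYTHONPATH");
    char *second = reusing_getenv("PATH");   /* may clobber a stored pointer */
    int ok = first && second && strcmp(first, "/opt/demo/lib") == 0;
    if (copy_first) free(first);
    return ok;
}

int main(void)
{
    printf("stored pointer intact: %d\n", first_value_survives(0));
    printf("private copy intact:   %d\n", first_value_survives(1));
    return 0;
}
```

`env_dup` takes the lookup function as a parameter, so the real `getenv` can be passed in place of the stand-in.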