From f0a39a4b660cc27d40288216cb9e5a8611109c56 Mon Sep 17 00:00:00 2001
From: Sergei Trofimovich
Date: Fri, 26 Nov 2021 07:51:49 +0000
Subject: [PATCH] python_api.c: enlarge `c_arguments` array to avoid OOB write

Code below explicitly refers past `args_len`th element:
c_arguments[args_len][0] = NULL;
c_arguments[args_len][1] = NULL;
Let's always allocate space for `NULL`.
Noticed by Steffen Jaeckel.
---
 src/plugins/python_api.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/plugins/python_api.c b/src/plugins/python_api.c
index 2ccd672b..90e33579 100644
--- a/src/plugins/python_api.c
+++ b/src/plugins/python_api.c
@@ -158,7 +158,7 @@ python_api_register_command(PyObject* self, PyObject* args)
 c_synopsis[len] = NULL;
 Py_ssize_t args_len = PyList_Size(arguments);
- char* c_arguments[args_len == 0 ? 0 : args_len + 1][2];
+ char* c_arguments[args_len + 1][2];
 for (i = 0; i < args_len; i++) {
 PyObject* item = PyList_GetItem(arguments, i);
 Py_ssize_t len2 = PyList_Size(item);
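Review bot: The new declaration `char* c_arguments[args_len + 1][2];` still takes its size directly from `PyList_Size(arguments)`, which returns -1 when the object is not a list; the VLA then has zero elements (undefined behaviour) and the terminator writes quoted in the commit message, `c_arguments[args_len][0] = NULL;`, would land before the array. Unless `arguments` is type-checked earlier in the function (not visible in this hunk), add `if (args_len < 0) { return NULL; }` right after the `PyList_Size` call so the Python exception propagates, mirroring whatever cleanup the function's other exit paths perform. Because the length comes from plugin-supplied data and the array lives on the stack, an upper bound on `args_len` or a heap allocation would also be worth adding. The same unchecked pattern appears at `Py_ssize_t len2 = PyList_Size(item);` on the hunk's last line. The body of python_api_register_command starts and ends outside the hunk.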