fix: V-002 security vulnerability

orbisai0security · orbisai0security · commit 31193012e2ba · 2026-04-25T07:22:24.000Z
Automated security fix generated by Orbis Security AI
diff --git a/Parser/string_parser.c b/Parser/string_parser.c
@@ -182,7 +182,7 @@ decode_unicode_with_escapes(Parser *parser, const char *s, size_t len, Token *t)
             w_len = PyUnicode_GET_LENGTH(w);
             for (i = 0; i < w_len; i++) {
                 Py_UCS4 chr = PyUnicode_READ(kind, data, i);
-                sprintf(p, "\\U%08x", chr);
+                snprintf(p, 11, "\\U%08x", chr);
                 p += 10;
             }
             /* Should be impossible to overflow */
diff --git a/Programs/_freeze_module.c b/Programs/_freeze_module.c
@@ -126,7 +126,7 @@ compile_and_marshal(const char *name, const char *text)
     if (filename == NULL) {
         return PyErr_NoMemory();
     }
-    sprintf(filename, "<frozen %s>", name);
+    snprintf(filename, strlen(name) + 10, "<frozen %s>", name);
     PyObject *code = Py_CompileStringExFlags(text, filename,
                                              Py_file_input, NULL, 0);
     free(filename);
@@ -153,7 +153,7 @@ get_varname(const char *name, const char *prefix)
     if (varname == NULL) {
         return NULL;
     }
-    (void)strcpy(varname, prefix);
+    memcpy(varname, prefix, n);
     for (size_t i = 0; name[i] != '\0'; i++) {
         if (name[i] == '.') {
             varname[n++] = '_';

Original file line number	Diff line number	Diff line change
`@@ -182,7 +182,7 @@ decode_unicode_with_escapes(Parser parser, const char s, size_t len, Token *t)`
`182`	`182`	`w_len = PyUnicode_GET_LENGTH(w);`
`183`	`183`	`for (i = 0; i < w_len; i++) {`
`184`	`184`	`Py_UCS4 chr = PyUnicode_READ(kind, data, i);`
`185`		`- sprintf(p, "\\U%08x", chr);`
	`185`	`+ snprintf(p, 11, "\\U%08x", chr);`
`186`	`186`	`p += 10;`
`187`	`187`	`}`
`188`	`188`	`/* Should be impossible to overflow */`