diff --git a/src/debugpy/_vendored/pydevd/_pydevd_sys_monitoring/_pydevd_sys_monitoring_cython.c b/src/debugpy/_vendored/pydevd/_pydevd_sys_monitoring/_pydevd_sys_monitoring_cython.c index 30b927110..389088c29 100644 --- a/src/debugpy/_vendored/pydevd/_pydevd_sys_monitoring/_pydevd_sys_monitoring_cython.c +++ b/src/debugpy/_vendored/pydevd/_pydevd_sys_monitoring/_pydevd_sys_monitoring_cython.c @@ -41994,7 +41994,7 @@ static void __Pyx_State_ConvertFromInterpIdAsIndex(__Pyx_ModuleStateLookupData * __Pyx_InterpreterIdAndModule *read = data->table; __Pyx_InterpreterIdAndModule *write = data->table; __Pyx_InterpreterIdAndModule *end = read + data->count; - for (; readmodule) { write->id = read->id; write->module = read->module; diff --git a/src/debugpy/_vendored/pydevd/setup_pydevd_cython.py b/src/debugpy/_vendored/pydevd/setup_pydevd_cython.py index 14f73f4f8..8ec4c12a5 100644 --- a/src/debugpy/_vendored/pydevd/setup_pydevd_cython.py +++ b/src/debugpy/_vendored/pydevd/setup_pydevd_cython.py @@ -177,6 +177,15 @@ def build_extension(dir_name, extension_name, target_pydevd_name, force_cython, c_file_contents = c_file_contents.replace(r"_pydevd_bundle\\pydevd_cython.pxd", "_pydevd_bundle/pydevd_cython.pxd") c_file_contents = c_file_contents.replace(r"_pydevd_bundle\\pydevd_cython.pyx", "_pydevd_bundle/pydevd_cython.pyx") + # Suppress Flawfinder false positive (CWE-120/CWE-20) in the + # Cython 3.x ModuleStateLookup boilerplate (`__Pyx_State_ConvertFromInterpIdAsIndex`): + # `read` is a bounded pointer iterator (not POSIX read()), and the loop is + # guarded by `read < end` where `end = read + data->count`. + c_file_contents = c_file_contents.replace( + " for (; read