SearchPathW is incorrectly used in PC/launcher.c

[dpc00]

Bug report

Bug description:

"assume there is a bug in python.exe search c++ source code and find it. " was my question to Codex.

"I found a concrete bug candidate in CPython’s Windows launcher source, not in this local finance repo. The local workspace and nearby projects don’t contain C++ source for this."

Bug: PC/launcher.c::find_on_path() treats any nonzero SearchPathW() return as success:

len = SearchPathW(NULL, name, NULL, MSGSIZE, path_command.value, NULL);
if (len) {
result = &path_command;
}

But on Windows, SearchPathW() returns the required buffer length if the buffer is too small. If the resolved python.exe path is >= MSGSIZE,
this code still reports success and later launches using a truncated/invalid path_command.value.

Reachability: this is used when a shebang like /usr/bin/env python triggers:

cmd = find_on_path(PYTHON_EXECUTABLE);

So the bug is in the python.exe PATH search path.

Source:
https://github.com/python/cpython/blob/main/PC/launcher.c

Likely fix shape:

if (len && len < MSGSIZE) {
result = &path_command;
}

or better, allocate dynamically when len >= MSGSIZE.
k here, if required

### CPython versions tested on:

3.14

### Operating systems tested on:

Windows

[picnixz]

Ref from MS docs

If the return value is greater than nBufferLength, the value returned is the size of the buffer that is required to hold the path, including the terminating null character.

[zooba]

This code is deprecated and unused, so no problems here. At some point we've got to go through and do a big cleanup (remove Tools/msi and combine PC and PCbuild and move them to Platforms\Windows), so it'll go away when we do that.

Thanks for reporting, nonetheless.