bpo-35269: Fix a possible segfault involving a newly-created coroutine (GH-10585)

coro->cr_origin wasn't initialized if compute_cr_origin() failed in
PyCoro_New(), which would cause a crash during the coroutine's
deallocation.

https://bugs.python.org/issue35269

diff --git a/Misc/NEWS.d/next/Core and Builtins/2018-11-17-10-18-29.bpo-35269.gjm1LO.rst b/Misc/NEWS.d/next/Core and Builtins/2018-11-17-10-18-29.bpo-35269.gjm1LO.rst
new file mode 100644 (file)
index 0000000..0076346
--- /dev/null
+++ b/Misc/NEWS.d/next/Core and Builtins/2018-11-17-10-18-29.bpo-35269.gjm1LO.rst
@@ -0,0 +1,2 @@
+Fix a possible segfault involving a newly-created coroutine.  Patch by
+Zackery Spytz.

diff --git a/Objects/genobject.c b/Objects/genobject.c
index 98c939446e8f5adc06438da32f5fa8fe1bc971cb..716bd6d067bdbd92f9f0a49f029171a7f31c0c4c 100644 (file)
--- a/Objects/genobject.c
+++ b/Objects/genobject.c
@@ -1164,11 +1164,11 @@ PyCoro_New(PyFrameObject *f, PyObject *name, PyObject *qualname)
         ((PyCoroObject *)coro)->cr_origin = NULL;
     } else {
         PyObject *cr_origin = compute_cr_origin(origin_depth);
+        ((PyCoroObject *)coro)->cr_origin = cr_origin;
         if (!cr_origin) {
             Py_DECREF(coro);
             return NULL;
         }
-        ((PyCoroObject *)coro)->cr_origin = cr_origin;
     }
 
     return coro;