bpo-34395: Don't free allocated memory on realloc fail in load_mark() in _pickle...

diff --git a/Modules/_pickle.c b/Modules/_pickle.c
index 39628fcef5d5c4c76149b23c99a87b79ce5dc211..2de70f5d9405dcbc477ea76883f36c45ddd9afea 100644 (file)
--- a/Modules/_pickle.c
+++ b/Modules/_pickle.c
@@ -6289,24 +6289,14 @@ load_mark(UnpicklerObject *self)
      */
 
     if (self->num_marks >= self->marks_size) {
-        size_t alloc;
-
-        /* Use the size_t type to check for overflow. */
-        alloc = ((size_t)self->num_marks << 1) + 20;
-        if (alloc > (PY_SSIZE_T_MAX / sizeof(Py_ssize_t)) ||
-            alloc <= ((size_t)self->num_marks + 1)) {
-            PyErr_NoMemory();
-            return -1;
-        }
-
-        Py_ssize_t *marks_old = self->marks;
-        PyMem_RESIZE(self->marks, Py_ssize_t, alloc);
-        if (self->marks == NULL) {
-            PyMem_FREE(marks_old);
-            self->marks_size = 0;
+        size_t alloc = ((size_t)self->num_marks << 1) + 20;
+        Py_ssize_t *marks_new = self->marks;
+        PyMem_RESIZE(marks_new, Py_ssize_t, alloc);
+        if (marks_new == NULL) {
             PyErr_NoMemory();
             return -1;
         }
+        self->marks = marks_new;
         self->marks_size = (Py_ssize_t)alloc;
     }