From: Pablo Galindo Date: Fri, 31 Aug 2018 21:49:29 +0000 (+0100) Subject: bpo-34408: Prevent a null pointer dereference and resource leakage in `PyInterpreterS... X-Git-Tag: v3.8.0a1~1120 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=95d630e2213fb0ffc197ec440efa3ae3dbb74f8d;p=python bpo-34408: Prevent a null pointer dereference and resource leakage in `PyInterpreterState_New()` (GH-8767) * A pointer in `PyInterpreterState_New()` could have been `NULL` when being dereferenced. * Memory was leaked in `PyInterpreterState_New()` when taking some error-handling code path. --- diff --git a/Misc/NEWS.d/next/Core and Builtins/2018-08-14-22-35-19.bpo-34408.aomWYW.rst b/Misc/NEWS.d/next/Core and Builtins/2018-08-14-22-35-19.bpo-34408.aomWYW.rst new file mode 100644 index 0000000000..aacafd0d4c --- /dev/null +++ b/Misc/NEWS.d/next/Core and Builtins/2018-08-14-22-35-19.bpo-34408.aomWYW.rst @@ -0,0 +1 @@ +Prevent a null pointer dereference and resource leakage in ``PyInterpreterState_New()``. diff --git a/Python/pystate.c b/Python/pystate.c index 7a4cd48077..7d63f4febb 100644 --- a/Python/pystate.c +++ b/Python/pystate.c @@ -172,23 +172,27 @@ PyInterpreterState_New(void) interp->pyexitmodule = NULL; HEAD_LOCK(); - interp->next = _PyRuntime.interpreters.head; - if (_PyRuntime.interpreters.main == NULL) { - _PyRuntime.interpreters.main = interp; - } - _PyRuntime.interpreters.head = interp; if (_PyRuntime.interpreters.next_id < 0) { /* overflow or Py_Initialize() not called! */ PyErr_SetString(PyExc_RuntimeError, "failed to get an interpreter ID"); - /* XXX deallocate! */ + PyMem_RawFree(interp); interp = NULL; } else { interp->id = _PyRuntime.interpreters.next_id; _PyRuntime.interpreters.next_id += 1; + interp->next = _PyRuntime.interpreters.head; + if (_PyRuntime.interpreters.main == NULL) { + _PyRuntime.interpreters.main = interp; + } + _PyRuntime.interpreters.head = interp; } HEAD_UNLOCK(); + if (interp == NULL) { + return NULL; + } + interp->tstate_next_unique_id = 0; return interp;