From: Benjamin Peterson <benjamin@python.org>
Date: Wed, 17 Aug 2016 06:35:35 +0000 (-0700)
Subject: rearrange methodcaller_new so that the main error case does not cause uninitialized... 
X-Git-Tag: v2.7.13rc1~209
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=aed5a4ee736bb3ab58c0bf701d5e2f292f32008f;p=python

rearrange methodcaller_new so that the main error case does not cause uninitialized memory usage (closes #27783)
---

diff --git a/Misc/NEWS b/Misc/NEWS
index ce599cde98..bb02db9543 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -29,6 +29,8 @@ Core and Builtins
 Library
 -------
 
+- Issue #27783: Fix possible usage of uninitialized memory in operator.methodcaller.
+
 - Issue #27774: Fix possible Py_DECREF on unowned object in _sre.
 
 - Issue #27760: Fix possible integer overflow in binascii.b2a_qp.
diff --git a/Modules/operator.c b/Modules/operator.c
index ae060b825e..7ddd123f40 100644
--- a/Modules/operator.c
+++ b/Modules/operator.c
@@ -788,7 +788,7 @@ static PyObject *
 methodcaller_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
 {
     methodcallerobject *mc;
-    PyObject *name, *newargs;
+    PyObject *name;
 
     if (PyTuple_GET_SIZE(args) < 1) {
         PyErr_SetString(PyExc_TypeError, "methodcaller needs at least "
@@ -801,13 +801,6 @@ methodcaller_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
     if (mc == NULL)
         return NULL;
 
-    newargs = PyTuple_GetSlice(args, 1, PyTuple_GET_SIZE(args));
-    if (newargs == NULL) {
-        Py_DECREF(mc);
-        return NULL;
-    }
-    mc->args = newargs;
-
     name = PyTuple_GET_ITEM(args, 0);
     Py_INCREF(name);
     mc->name = name;
@@ -815,6 +808,12 @@ methodcaller_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
     Py_XINCREF(kwds);
     mc->kwds = kwds;
 
+    mc->args = PyTuple_GetSlice(args, 1, PyTuple_GET_SIZE(args));
+    if (mc->args == NULL) {
+        Py_DECREF(mc);
+        return NULL;
+    }
+
     PyObject_GC_Track(mc);
     return (PyObject *)mc;
 }