From: Benjamin Peterson Date: Wed, 17 Aug 2016 06:35:35 +0000 (-0700) Subject: rearrange methodcaller_new so that the main error case does not cause uninitialized... X-Git-Tag: v2.7.13rc1~209 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=aed5a4ee736bb3ab58c0bf701d5e2f292f32008f;p=python rearrange methodcaller_new so that the main error case does not cause uninitialized memory usage (closes #27783) --- diff --git a/Misc/NEWS b/Misc/NEWS index ce599cde98..bb02db9543 100644 --- a/Misc/NEWS +++ b/Misc/NEWS @@ -29,6 +29,8 @@ Core and Builtins Library ------- +- Issue #27783: Fix possible usage of uninitialized memory in operator.methodcaller. + - Issue #27774: Fix possible Py_DECREF on unowned object in _sre. - Issue #27760: Fix possible integer overflow in binascii.b2a_qp. diff --git a/Modules/operator.c b/Modules/operator.c index ae060b825e..7ddd123f40 100644 --- a/Modules/operator.c +++ b/Modules/operator.c @@ -788,7 +788,7 @@ static PyObject * methodcaller_new(PyTypeObject *type, PyObject *args, PyObject *kwds) { methodcallerobject *mc; - PyObject *name, *newargs; + PyObject *name; if (PyTuple_GET_SIZE(args) < 1) { PyErr_SetString(PyExc_TypeError, "methodcaller needs at least " @@ -801,13 +801,6 @@ methodcaller_new(PyTypeObject *type, PyObject *args, PyObject *kwds) if (mc == NULL) return NULL; - newargs = PyTuple_GetSlice(args, 1, PyTuple_GET_SIZE(args)); - if (newargs == NULL) { - Py_DECREF(mc); - return NULL; - } - mc->args = newargs; - name = PyTuple_GET_ITEM(args, 0); Py_INCREF(name); mc->name = name; @@ -815,6 +808,12 @@ methodcaller_new(PyTypeObject *type, PyObject *args, PyObject *kwds) Py_XINCREF(kwds); mc->kwds = kwds; + mc->args = PyTuple_GetSlice(args, 1, PyTuple_GET_SIZE(args)); + if (mc->args == NULL) { + Py_DECREF(mc); + return NULL; + } + PyObject_GC_Track(mc); return (PyObject *)mc; }