From aa187c687882d4e157611547cea1cdb74afecb2d Mon Sep 17 00:00:00 2001
From: Benjamin Peterson <benjamin@python.org>
Date: Mon, 5 Sep 2016 12:44:38 -0700
Subject: [PATCH] rewrite unpack_add_info, so it has less memory corruption
 bugs (closes #27944)

---
 Misc/NEWS          |  3 +++
 Modules/_hotshot.c | 43 +++++++++++++++++++++----------------------
 2 files changed, 24 insertions(+), 22 deletions(-)

diff --git a/Misc/NEWS b/Misc/NEWS
index 9f2a32250d..3b07cc95a0 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -36,6 +36,9 @@ Core and Builtins
 Library
 -------
 
+- Issue #27944: Fix some memory-corruption bugs in the log reading code of the
+  _hotshot module.
+
 - Issue #27934: Use ``float.__repr__`` instead of plain ``repr`` when JSON-
   encoding an instance of a float subclass. Thanks Eddie James.
 
diff --git a/Modules/_hotshot.c b/Modules/_hotshot.c
index 9719cb7673..da30f3bdc3 100644
--- a/Modules/_hotshot.c
+++ b/Modules/_hotshot.c
@@ -338,34 +338,33 @@ unpack_string(LogReaderObject *self, PyObject **pvalue)
 static int
 unpack_add_info(LogReaderObject *self)
 {
-    PyObject *key;
+    PyObject *key = NULL;
     PyObject *value = NULL;
     int err;
 
     err = unpack_string(self, &key);
-    if (!err) {
-        err = unpack_string(self, &value);
-        if (err)
-            Py_DECREF(key);
-        else {
-            PyObject *list = PyDict_GetItem(self->info, key);
-            if (list == NULL) {
-                list = PyList_New(0);
-                if (list == NULL) {
-                    err = ERR_EXCEPTION;
-                    goto finally;
-                }
-                if (PyDict_SetItem(self->info, key, list)) {
-                    Py_DECREF(list);
-                    err = ERR_EXCEPTION;
-                    goto finally;
-                }
-                Py_DECREF(list);
-            }
-            if (PyList_Append(list, value))
-                err = ERR_EXCEPTION;
+    if (err)
+        goto finally;
+    err = unpack_string(self, &value);
+    if (err)
+        goto finally;
+    PyObject *list = PyDict_GetItem(self->info, key);
+    if (list == NULL) {
+        list = PyList_New(0);
+        if (list == NULL) {
+            err = ERR_EXCEPTION;
+            goto finally;
+        }
+        if (PyDict_SetItem(self->info, key, list)) {
+            Py_DECREF(list);
+            err = ERR_EXCEPTION;
+            goto finally;
         }
+        Py_DECREF(list);
     }
+    if (PyList_Append(list, value))
+        err = ERR_EXCEPTION;
+
  finally:
     Py_XDECREF(key);
     Py_XDECREF(value);
-- 
2.50.1