[Python-checkins] [3.7] bpo-34408: Prevent a null pointer dereference and resource leakage in `PyInterpreterState_New()` (GH-8767) (GH-13237)

Pablo Galindo webhook-mailer at python.org
Fri May 10 16:16:26 EDT 2019 

https://github.com/python/cpython/commit/34ed40f2e56703de04241cbacb306113b59a84f9
commit: 34ed40f2e56703de04241cbacb306113b59a84f9
branch: 3.7
author: Pablo Galindo <Pablogsal at gmail.com>
committer: GitHub <noreply at github.com>
date: 2019-05-10T21:16:19+01:00
summary:

[3.7] bpo-34408: Prevent a null pointer dereference and resource leakage in `PyInterpreterState_New()` (GH-8767) (GH-13237)

* A pointer in `PyInterpreterState_New()` could have been `NULL` when being dereferenced.

* Memory was leaked in `PyInterpreterState_New()` when taking some error-handling code path.
(cherry picked from commit 95d630e)

Co-authored-by: Pablo Galindo <Pablogsal at gmail.com>

files:
A Misc/NEWS.d/next/Core and Builtins/2018-08-14-22-35-19.bpo-34408.aomWYW.rst
M Python/pystate.c

diff --git a/Misc/NEWS.d/next/Core and Builtins/2018-08-14-22-35-19.bpo-34408.aomWYW.rst b/Misc/NEWS.d/next/Core and Builtins/2018-08-14-22-35-19.bpo-34408.aomWYW.rst
new file mode 100644
index 000000000000..aacafd0d4c27
--- /dev/null
+++ b/Misc/NEWS.d/next/Core and Builtins/2018-08-14-22-35-19.bpo-34408.aomWYW.rst	
@@ -0,0 +1 @@
+Prevent a null pointer dereference and resource leakage in ``PyInterpreterState_New()``.
diff --git a/Python/pystate.c b/Python/pystate.c
index 8077a3ee7ab0..fc695c62a330 100644
--- a/Python/pystate.c
+++ b/Python/pystate.c
@@ -167,23 +167,27 @@ PyInterpreterState_New(void)
     interp->pyexitmodule = NULL;
 
     HEAD_LOCK();
-    interp->next = _PyRuntime.interpreters.head;
-    if (_PyRuntime.interpreters.main == NULL) {
-        _PyRuntime.interpreters.main = interp;
-    }
-    _PyRuntime.interpreters.head = interp;
     if (_PyRuntime.interpreters.next_id < 0) {
         /* overflow or Py_Initialize() not called! */
         PyErr_SetString(PyExc_RuntimeError,
                         "failed to get an interpreter ID");
-        /* XXX deallocate! */
+        PyMem_RawFree(interp);
         interp = NULL;
     } else {
         interp->id = _PyRuntime.interpreters.next_id;
         _PyRuntime.interpreters.next_id += 1;
+        interp->next = _PyRuntime.interpreters.head;
+        if (_PyRuntime.interpreters.main == NULL) {
+            _PyRuntime.interpreters.main = interp;
+        }
+        _PyRuntime.interpreters.head = interp;
     }
     HEAD_UNLOCK();
 
+    if (interp == NULL) {
+        return NULL;
+    }
+
     interp->tstate_next_unique_id = 0;
 
     return interp;

More information about the Python-checkins mailing list