[Python-checkins] [3.10] gh-99240: Reset pointer to NULL when the pointed memory is freed in argument parsing (GH-99890) (#100386)

kumaraditya303 webhook-mailer at python.org
Wed Dec 21 05:03:26 EST 2022 

https://github.com/python/cpython/commit/591365cd49cf1065e27bb1358aa5f07bd854dd33
commit: 591365cd49cf1065e27bb1358aa5f07bd854dd33
branch: 3.10
author: colorfulappl <colorfulappl at qq.com>
committer: kumaraditya303 <59607654+kumaraditya303 at users.noreply.github.com>
date: 2022-12-21T15:33:21+05:30
summary:

[3.10] gh-99240: Reset pointer to NULL when the pointed memory is freed in argument parsing (GH-99890) (#100386)

(cherry picked from commit efbb1eb9f54cad4f7bf5df03eed3a6aba02d99f4)

Co-authored-by: Kumar Aditya <59607654+kumaraditya303 at users.noreply.github.com>
Co-authored-by: Erlend E. Aasland <erlend.aasland at protonmail.com>

files:
A Misc/NEWS.d/next/C API/2022-11-30-16-39-22.gh-issue-99240.67nAX-.rst
M Lib/test/test_capi/test_getargs.py
M Modules/_testcapimodule.c
M Python/getargs.c

diff --git a/Lib/test/test_capi/test_getargs.py b/Lib/test/test_capi/test_getargs.py
index 72b6d64a4986..552fa2135247 100644
--- a/Lib/test/test_capi/test_getargs.py
+++ b/Lib/test/test_capi/test_getargs.py
@@ -1098,6 +1098,10 @@ def test_Z_hash(self):
             warnings.simplefilter('error', DeprecationWarning)
             self.assertRaises(DeprecationWarning, getargs_Z_hash, 'abc\xe9')
 
+    def test_gh_99240_clear_args(self):
+        from _testcapi import gh_99240_clear_args
+        self.assertRaises(TypeError, gh_99240_clear_args, 'a', '\0b')
+
 
 class Object_TestCase(unittest.TestCase):
     def test_S(self):
diff --git a/Misc/NEWS.d/next/C API/2022-11-30-16-39-22.gh-issue-99240.67nAX-.rst b/Misc/NEWS.d/next/C API/2022-11-30-16-39-22.gh-issue-99240.67nAX-.rst
new file mode 100644
index 000000000000..9a1bb3cf5a73
--- /dev/null
+++ b/Misc/NEWS.d/next/C API/2022-11-30-16-39-22.gh-issue-99240.67nAX-.rst	
@@ -0,0 +1,2 @@
+In argument parsing, after deallocating newly allocated memory, reset its
+pointer to NULL.
diff --git a/Modules/_testcapimodule.c b/Modules/_testcapimodule.c
index 20c90c441e6b..c0c86722eb3c 100644
--- a/Modules/_testcapimodule.c
+++ b/Modules/_testcapimodule.c
@@ -5671,6 +5671,7 @@ test_fatal_error(PyObject *self, PyObject *args)
 static PyObject *test_buildvalue_issue38913(PyObject *, PyObject *);
 static PyObject *getargs_s_hash_int(PyObject *, PyObject *, PyObject*);
 static PyObject *getargs_s_hash_int2(PyObject *, PyObject *, PyObject*);
+static PyObject *gh_99240_clear_args(PyObject *, PyObject *);
 
 static PyMethodDef TestMethods[] = {
     {"raise_exception",         raise_exception,                 METH_VARARGS},
@@ -5784,6 +5785,7 @@ static PyMethodDef TestMethods[] = {
       METH_VARARGS|METH_KEYWORDS},
     {"getargs_s_hash_int2",      (PyCFunction)(void(*)(void))getargs_s_hash_int2,
       METH_VARARGS|METH_KEYWORDS},
+    {"gh_99240_clear_args",     gh_99240_clear_args,             METH_VARARGS},
     {"getargs_z",               getargs_z,                       METH_VARARGS},
     {"getargs_z_star",          getargs_z_star,                  METH_VARARGS},
     {"getargs_z_hash",          getargs_z_hash,                  METH_VARARGS},
@@ -7500,3 +7502,21 @@ getargs_s_hash_int2(PyObject *self, PyObject *args, PyObject *kwargs)
     PyBuffer_Release(&buf);
     Py_RETURN_NONE;
 }
+
+static PyObject *
+gh_99240_clear_args(PyObject *self, PyObject *args)
+{
+    char *a = NULL;
+    char *b = NULL;
+
+    if (!PyArg_ParseTuple(args, "eses", "idna", &a, "idna", &b)) {
+        if (a || b) {
+            PyErr_Clear();
+            PyErr_SetString(PyExc_AssertionError, "Arguments are not cleared.");
+        }
+        return NULL;
+    }
+    PyMem_Free(a);
+    PyMem_Free(b);
+    Py_RETURN_NONE;
+}
diff --git a/Python/getargs.c b/Python/getargs.c
index fd49ee0f05d4..3b65cfad54f9 100644
--- a/Python/getargs.c
+++ b/Python/getargs.c
@@ -201,9 +201,9 @@ _PyArg_VaParse_SizeT(PyObject *args, const char *format, va_list va)
 static int
 cleanup_ptr(PyObject *self, void *ptr)
 {
-    if (ptr) {
-        PyMem_Free(ptr);
-    }
+    void **pptr = (void **)ptr;
+    PyMem_Free(*pptr);
+    *pptr = NULL;
     return 0;
 }
 
@@ -1168,7 +1168,7 @@ _Py_COMP_DIAG_POP
                     PyErr_NoMemory();
                     RETURN_ERR_OCCURRED;
                 }
-                if (addcleanup(*buffer, freelist, cleanup_ptr)) {
+                if (addcleanup(buffer, freelist, cleanup_ptr)) {
                     Py_DECREF(s);
                     return converterr(
                         "(cleanup problem)",
@@ -1214,7 +1214,7 @@ _Py_COMP_DIAG_POP
                 PyErr_NoMemory();
                 RETURN_ERR_OCCURRED;
             }
-            if (addcleanup(*buffer, freelist, cleanup_ptr)) {
+            if (addcleanup(buffer, freelist, cleanup_ptr)) {
                 Py_DECREF(s);
                 return converterr("(cleanup problem)",
                                 arg, msgbuf, bufsize);

More information about the Python-checkins mailing list