From 07a2a1b7e512bb1a19b220b7bb8d941dc54cea86 Mon Sep 17 00:00:00 2001
From: Christian Heimes <christian@python.org>
Date: Fri, 9 Sep 2016 00:21:22 +0200
Subject: [PATCH] Additional safe-guard against dereferencing NULL in
 reduce_newobj

_PyObject_GetNewArguments() can leave args == NULL but the __newobj_ex__
branch expects args to be not-NULL.

CID 1353201
---
 Objects/typeobject.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/Objects/typeobject.c b/Objects/typeobject.c
index 209d4fab1f6..ae593636e6c 100644
--- a/Objects/typeobject.c
+++ b/Objects/typeobject.c
@@ -4263,7 +4263,7 @@ reduce_newobj(PyObject *obj)
         }
         Py_XDECREF(args);
     }
-    else {
+    else if (args != NULL) {
         _Py_IDENTIFIER(__newobj_ex__);
 
         newobj = _PyObject_GetAttrId(copyreg, &PyId___newobj_ex__);
@@ -4281,6 +4281,12 @@ reduce_newobj(PyObject *obj)
             return NULL;
         }
     }
+    else {
+        /* args == NULL */
+        Py_DECREF(kwargs);
+        PyErr_BadInternalCall();
+        return NULL;
+    }
 
     state = _PyObject_GetState(obj,
                 !hasargs && !PyList_Check(obj) && !PyDict_Check(obj));