From 96c593279400693226d5a560c420ae0fcf1731b9 Mon Sep 17 00:00:00 2001 From: Zackery Spytz Date: Wed, 3 Oct 2018 00:01:30 -0600 Subject: [PATCH] bpo-34879: Fix a possible null pointer dereference in bytesobject.c (GH-9683) formatfloat() was not checking if PyBytes_FromStringAndSize() failed, which could lead to a null pointer dereference in _PyBytes_FormatEx(). --- .../Core and Builtins/2018-10-02-22-55-11.bpo-34879.7VNH2a.rst | 2 ++ Objects/bytesobject.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) create mode 100644 Misc/NEWS.d/next/Core and Builtins/2018-10-02-22-55-11.bpo-34879.7VNH2a.rst diff --git a/Misc/NEWS.d/next/Core and Builtins/2018-10-02-22-55-11.bpo-34879.7VNH2a.rst b/Misc/NEWS.d/next/Core and Builtins/2018-10-02-22-55-11.bpo-34879.7VNH2a.rst new file mode 100644 index 00000000000..5775a219a27 --- /dev/null +++ b/Misc/NEWS.d/next/Core and Builtins/2018-10-02-22-55-11.bpo-34879.7VNH2a.rst @@ -0,0 +1,2 @@ +Fix a possible null pointer dereference in bytesobject.c. Patch by Zackery +Spytz. diff --git a/Objects/bytesobject.c b/Objects/bytesobject.c index fb344c1896a..d51d1ba023c 100644 --- a/Objects/bytesobject.c +++ b/Objects/bytesobject.c @@ -448,7 +448,7 @@ formatfloat(PyObject *v, int flags, int prec, int type, result = PyBytes_FromStringAndSize(p, len); PyMem_Free(p); *p_result = result; - return str; + return result != NULL ? str : NULL; } static PyObject *