closes bpo-38124: Fix bounds check in PyState_AddModule. (GH-16007)

The >=, checking whether a module index was in already in the module-by-index list, needed to be strict. Also, fold nested ifs into one and fix some bad spacing.
2019-09-12 00:43:22 +01:00 · 2019-09-12 00:43:22 +01:00 · 39de95b746
parent ee536b2020
commit 39de95b746
2 changed files with 8 additions and 8 deletions
--- a/Builtins/2019-09-12-00-14-01.bpo-38124.n6E0H7.rst
+++ b/Builtins/2019-09-12-00-14-01.bpo-38124.n6E0H7.rst
@ -0,0 +1,2 @@
 Fix an off-by-one error in PyState_AddModule that could cause out-of-bounds
 memory access.
--- a/Python/pystate.c
+++ b/Python/pystate.c
@ -684,7 +684,7 @@ _PyState_AddModule(PyObject* module, struct PyModuleDef* def)
        if (!state->modules_by_index)
            return -1;
    }
-    while(PyList_GET_SIZE(state->modules_by_index) <= def->m_base.m_index)
+    while (PyList_GET_SIZE(state->modules_by_index) <= def->m_base.m_index)
        if (PyList_Append(state->modules_by_index, Py_None) < 0)
            return -1;
    Py_INCREF(module);
@ -702,14 +702,12 @@ PyState_AddModule(PyObject* module, struct PyModuleDef* def)
        return -1;
    }
    index = def->m_base.m_index;
-    if (state->modules_by_index) {
+    if (state->modules_by_index &&
-        if(PyList_GET_SIZE(state->modules_by_index) >= index) {
+        index < PyList_GET_SIZE(state->modules_by_index) &&
-            if(module == PyList_GET_ITEM(state->modules_by_index, index)) {
+        module == PyList_GET_ITEM(state->modules_by_index, index)) {
        Py_FatalError("PyState_AddModule: Module already added!");
        return -1;
    }
        }
    }
    return _PyState_AddModule(module, def);
 }
		`@ -0,0 +1,2 @@`
							`Fix an off-by-one error in PyState_AddModule that could cause out-of-bounds`
							`memory access.`