traverseda
/
cpython
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

bpo-40020: Fix realloc leak on failure in growable_comment_array_add (GH-19083) 

Fix a leak and subsequent crash in parsetok.c caused by realloc misuse on a rare codepath. 

Realloc returns a null pointer on failure, and then growable_comment_array_deallocate crashes later when it dereferences it.
This commit is contained in:
Alexander Riccio 2020-03-30 17:15:59 -04:00 committed by GitHub
parent fc2d8d62af
commit 51e3e450fb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Misc/NEWS.d/next/Core and Builtins/2020-03-19-21-53-41.bpo-40020.n-26G7.rst Normal file
View File

@ -0,0 +1 @@
Fix a leak and subsequent crash in parsetok.c caused by realloc misuse on a rare codepath.

8
Parser/parsetok.c
View File

@ -37,11 +37,13 @@ growable_comment_array_init(growable_comment_array *arr, size_t initial_size) {
static int static int
growable_comment_array_add(growable_comment_array *arr, int lineno, char *comment) { growable_comment_array_add(growable_comment_array *arr, int lineno, char *comment) {
if (arr->num_items >= arr->size) { if (arr->num_items >= arr->size) {
arr->size *= 2; size_t new_size = arr->size * 2;
arr->items = realloc(arr->items, arr->size * sizeof(*arr->items)); void *new_items_array = realloc(arr->items, new_size * sizeof(*arr->items));
if (!arr->items) { if (!new_items_array) {
return 0; return 0;
} }
arr->items = new_items_array;
arr->size = new_size;
} }
arr->items[arr->num_items].lineno = lineno; arr->items[arr->num_items].lineno = lineno;