bpo-34395: Don't free allocated memory on realloc fail in load_mark() in _pickle.c. (GH-8788)

This commit is contained in:
Sergey Fedoseev 2018-08-25 15:41:58 +05:00 committed by Serhiy Storchaka
parent 86b89916d1
commit 90555eca44
1 changed files with 5 additions and 15 deletions

View File

@ -6289,24 +6289,14 @@ load_mark(UnpicklerObject *self)
*/ */
if (self->num_marks >= self->marks_size) { if (self->num_marks >= self->marks_size) {
size_t alloc; size_t alloc = ((size_t)self->num_marks << 1) + 20;
Py_ssize_t *marks_new = self->marks;
/* Use the size_t type to check for overflow. */ PyMem_RESIZE(marks_new, Py_ssize_t, alloc);
alloc = ((size_t)self->num_marks << 1) + 20; if (marks_new == NULL) {
if (alloc > (PY_SSIZE_T_MAX / sizeof(Py_ssize_t)) ||
alloc <= ((size_t)self->num_marks + 1)) {
PyErr_NoMemory();
return -1;
}
Py_ssize_t *marks_old = self->marks;
PyMem_RESIZE(self->marks, Py_ssize_t, alloc);
if (self->marks == NULL) {
PyMem_FREE(marks_old);
self->marks_size = 0;
PyErr_NoMemory(); PyErr_NoMemory();
return -1; return -1;
} }
self->marks = marks_new;
self->marks_size = (Py_ssize_t)alloc; self->marks_size = (Py_ssize_t)alloc;
} }