bpo-34408: Prevent a null pointer dereference and resource leakage in `PyInterpreterState_New()` (GH-8767)

* A pointer in `PyInterpreterState_New()` could have been `NULL` when being dereferenced. * Memory was leaked in `PyInterpreterState_New()` when taking some error-handling code path.
2018-08-31 22:49:29 +01:00 · 2018-08-31 22:49:29 +01:00 · 95d630e221
parent 745c0f3980
commit 95d630e221
2 changed files with 11 additions and 6 deletions
--- a/Builtins/2018-08-14-22-35-19.bpo-34408.aomWYW.rst
+++ b/Builtins/2018-08-14-22-35-19.bpo-34408.aomWYW.rst
@ -0,0 +1 @@
+Prevent a null pointer dereference and resource leakage in ``PyInterpreterState_New()``.
--- a/Python/pystate.c
+++ b/Python/pystate.c
@ -172,23 +172,27 @@ PyInterpreterState_New(void)
    interp->pyexitmodule = NULL;

    HEAD_LOCK();
-    interp->next = _PyRuntime.interpreters.head;
-    if (_PyRuntime.interpreters.main == NULL) {
-        _PyRuntime.interpreters.main = interp;
-    }
-    _PyRuntime.interpreters.head = interp;
    if (_PyRuntime.interpreters.next_id < 0) {
        /* overflow or Py_Initialize() not called! */
        PyErr_SetString(PyExc_RuntimeError,
                        "failed to get an interpreter ID");
-        /* XXX deallocate! */
+        PyMem_RawFree(interp);
        interp = NULL;
    } else {
        interp->id = _PyRuntime.interpreters.next_id;
        _PyRuntime.interpreters.next_id += 1;
+        interp->next = _PyRuntime.interpreters.head;
+        if (_PyRuntime.interpreters.main == NULL) {
+            _PyRuntime.interpreters.main = interp;
+        }
+        _PyRuntime.interpreters.head = interp;
    }
    HEAD_UNLOCK();

+    if (interp == NULL) {
+        return NULL;
+    }
+
    interp->tstate_next_unique_id = 0;

    return interp;
				`@ -0,0 +1 @@`
				Prevent a null pointer dereference and resource leakage in ``PyInterpreterState_New()``.