bpo-34408: Prevent a null pointer dereference and resource leakage in `PyInterpreterState_New()` (GH-8767)

* A pointer in `PyInterpreterState_New()` could have been `NULL` when being dereferenced.

* Memory was leaked in `PyInterpreterState_New()` when taking some error-handling code path.
This commit is contained in:
Pablo Galindo 2018-08-31 22:49:29 +01:00 committed by GitHub
parent 745c0f3980
commit 95d630e221
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 6 deletions

View File

@ -0,0 +1 @@
Prevent a null pointer dereference and resource leakage in ``PyInterpreterState_New()``.

View File

@ -172,23 +172,27 @@ PyInterpreterState_New(void)
interp->pyexitmodule = NULL;
HEAD_LOCK();
interp->next = _PyRuntime.interpreters.head;
if (_PyRuntime.interpreters.main == NULL) {
_PyRuntime.interpreters.main = interp;
}
_PyRuntime.interpreters.head = interp;
if (_PyRuntime.interpreters.next_id < 0) {
/* overflow or Py_Initialize() not called! */
PyErr_SetString(PyExc_RuntimeError,
"failed to get an interpreter ID");
/* XXX deallocate! */
PyMem_RawFree(interp);
interp = NULL;
} else {
interp->id = _PyRuntime.interpreters.next_id;
_PyRuntime.interpreters.next_id += 1;
interp->next = _PyRuntime.interpreters.head;
if (_PyRuntime.interpreters.main == NULL) {
_PyRuntime.interpreters.main = interp;
}
_PyRuntime.interpreters.head = interp;
}
HEAD_UNLOCK();
if (interp == NULL) {
return NULL;
}
interp->tstate_next_unique_id = 0;
return interp;