[New-bugs-announce] [issue31337] Small opportunity for NULL dereference in compile.c
Barry A. Warsaw
report at bugs.python.org
Mon Sep 4 12:43:32 EDT 2017
New submission from Barry A. Warsaw:
There is a very minor opportunity for NULL dereference in compile.c. compiler_subdict() does not check the return value of get_const_value(), which could be NULL. This was found by Kirit Sankar Gupta.
This is not a security issue in practice, since compiler_subdict() calls are_all_items_const() before it gets to the call, so the condition which triggers get_const_value() to return NULL will never happen (i.e. the default: clause of get_const_value()). Still, it can't hurt to be more correct in case the conditions which are implicitly assumed could change. Plus the fix is super easy, so why not do it?
----------
assignee: barry
components: Interpreter Core
messages: 301222
nosy: barry
priority: normal
severity: normal
status: open
title: Small opportunity for NULL dereference in compile.c
versions: Python 3.7
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue31337>
_______________________________________
More information about the New-bugs-announce
mailing list