[Python-checkins] bpo-34770: Fix a possible null pointer dereference in pyshellext.cpp (GH-9497)

Miss Islington (bot) webhook-mailer at python.org
Tue Sep 25 00:44:16 EDT 2018


https://github.com/python/cpython/commit/db23206367e2bfbbdfb29b7699f25a14ba353ae7
commit: db23206367e2bfbbdfb29b7699f25a14ba353ae7
branch: 3.7
author: Miss Islington (bot) <31488909+miss-islington at users.noreply.github.com>
committer: GitHub <noreply at github.com>
date: 2018-09-24T21:44:11-07:00
summary:

bpo-34770: Fix a possible null pointer dereference in pyshellext.cpp (GH-9497)


The GlobalLock() call in UpdateDropDescription() was not checked for
failure.

https://bugs.python.org/issue34770
(cherry picked from commit f6c8007a29b95b3ea3ca687a9b4924769a696328)

Co-authored-by: Zackery Spytz <zspytz at gmail.com>

files:
A Misc/NEWS.d/next/Windows/2018-09-22-11-02-35.bpo-34770.4lEUOd.rst
M PC/pyshellext.cpp

diff --git a/Misc/NEWS.d/next/Windows/2018-09-22-11-02-35.bpo-34770.4lEUOd.rst b/Misc/NEWS.d/next/Windows/2018-09-22-11-02-35.bpo-34770.4lEUOd.rst
new file mode 100644
index 000000000000..5e4ba8868e84
--- /dev/null
+++ b/Misc/NEWS.d/next/Windows/2018-09-22-11-02-35.bpo-34770.4lEUOd.rst
@@ -0,0 +1 @@
+Fix a possible null pointer dereference in pyshellext.cpp.
diff --git a/PC/pyshellext.cpp b/PC/pyshellext.cpp
index 04fe61e89618..019880264bee 100644
--- a/PC/pyshellext.cpp
+++ b/PC/pyshellext.cpp
@@ -172,6 +172,11 @@ class PyShellExt : public RuntimeClass<
             return E_FAIL;
         }
         auto dd = (DROPDESCRIPTION*)GlobalLock(medium.hGlobal);
+        if (!dd) {
+            OutputDebugString(L"PyShellExt::UpdateDropDescription - failed to lock DROPDESCRIPTION hGlobal");
+            ReleaseStgMedium(&medium);
+            return E_FAIL;
+        }
         StringCchCopy(dd->szMessage, sizeof(dd->szMessage) / sizeof(dd->szMessage[0]), DRAG_MESSAGE);
         StringCchCopy(dd->szInsert, sizeof(dd->szInsert) / sizeof(dd->szInsert[0]), PathFindFileNameW(target));
         dd->type = DROPIMAGE_MOVE;



More information about the Python-checkins mailing list