[Python-checkins] closes bpo-38124: Fix bounds check in PyState_AddModule. (GH-16007)
Miss Islington (bot)
webhook-mailer at python.org
Wed Sep 11 20:02:54 EDT 2019
https://github.com/python/cpython/commit/8892a1d685e4898b28961308b3c1447fe9ad3269
commit: 8892a1d685e4898b28961308b3c1447fe9ad3269
branch: 3.7
author: Miss Islington (bot) <31488909+miss-islington at users.noreply.github.com>
committer: GitHub <noreply at github.com>
date: 2019-09-11T17:02:50-07:00
summary:
closes bpo-38124: Fix bounds check in PyState_AddModule. (GH-16007)
The >=, checking whether a module index was in already in the module-by-index list, needed to be strict.
Also, fold nested ifs into one and fix some bad spacing.
(cherry picked from commit 39de95b746c990e6a2fe9af5fad01747f58b2e5f)
Co-authored-by: Benjamin Peterson <benjamin at python.org>
files:
A Misc/NEWS.d/next/Core and Builtins/2019-09-12-00-14-01.bpo-38124.n6E0H7.rst
M Python/pystate.c
diff --git a/Misc/NEWS.d/next/Core and Builtins/2019-09-12-00-14-01.bpo-38124.n6E0H7.rst b/Misc/NEWS.d/next/Core and Builtins/2019-09-12-00-14-01.bpo-38124.n6E0H7.rst
new file mode 100644
index 000000000000..dca0ba5bc0cc
--- /dev/null
+++ b/Misc/NEWS.d/next/Core and Builtins/2019-09-12-00-14-01.bpo-38124.n6E0H7.rst
@@ -0,0 +1,2 @@
+Fix an off-by-one error in PyState_AddModule that could cause out-of-bounds
+memory access.
diff --git a/Python/pystate.c b/Python/pystate.c
index fc695c62a330..90cd56bb05f4 100644
--- a/Python/pystate.c
+++ b/Python/pystate.c
@@ -484,7 +484,7 @@ _PyState_AddModule(PyObject* module, struct PyModuleDef* def)
if (!state->modules_by_index)
return -1;
}
- while(PyList_GET_SIZE(state->modules_by_index) <= def->m_base.m_index)
+ while (PyList_GET_SIZE(state->modules_by_index) <= def->m_base.m_index)
if (PyList_Append(state->modules_by_index, Py_None) < 0)
return -1;
Py_INCREF(module);
@@ -502,13 +502,11 @@ PyState_AddModule(PyObject* module, struct PyModuleDef* def)
return -1;
}
index = def->m_base.m_index;
- if (state->modules_by_index) {
- if(PyList_GET_SIZE(state->modules_by_index) >= index) {
- if(module == PyList_GET_ITEM(state->modules_by_index, index)) {
- Py_FatalError("PyState_AddModule: Module already added!");
- return -1;
- }
- }
+ if (state->modules_by_index &&
+ index < PyList_GET_SIZE(state->modules_by_index) &&
+ module == PyList_GET_ITEM(state->modules_by_index, index)) {
+ Py_FatalError("PyState_AddModule: Module already added!");
+ return -1;
}
return _PyState_AddModule(module, def);
}
More information about the Python-checkins
mailing list