[Python-checkins] bpo-41175: Guard against a NULL pointer dereference within bytearrayobject (GH-21240)
stratakis
webhook-mailer at python.org
Wed Jul 8 16:39:49 EDT 2020
https://github.com/python/cpython/commit/61fc23ca106bc82955b0e59d1ab42285b94899e2
commit: 61fc23ca106bc82955b0e59d1ab42285b94899e2
branch: master
author: stratakis <cstratak at redhat.com>
committer: GitHub <noreply at github.com>
date: 2020-07-08T22:39:41+02:00
summary:
bpo-41175: Guard against a NULL pointer dereference within bytearrayobject (GH-21240)
The issue is triggered by the bytearray() + bytearray() operation.
Detected by GCC 10 static analysis tool.
files:
A Misc/NEWS.d/next/Core and Builtins/2020-06-30-20-17-31.bpo-41175.acJoXB.rst
M Objects/bytearrayobject.c
diff --git a/Misc/NEWS.d/next/Core and Builtins/2020-06-30-20-17-31.bpo-41175.acJoXB.rst b/Misc/NEWS.d/next/Core and Builtins/2020-06-30-20-17-31.bpo-41175.acJoXB.rst
new file mode 100644
index 0000000000000..844fb804c0c8d
--- /dev/null
+++ b/Misc/NEWS.d/next/Core and Builtins/2020-06-30-20-17-31.bpo-41175.acJoXB.rst
@@ -0,0 +1,2 @@
+Guard against a NULL pointer dereference within bytearrayobject triggered by
+the ``bytearray() + bytearray()`` operation.
diff --git a/Objects/bytearrayobject.c b/Objects/bytearrayobject.c
index 83c79b200a0a1..7035061933098 100644
--- a/Objects/bytearrayobject.c
+++ b/Objects/bytearrayobject.c
@@ -266,7 +266,9 @@ PyByteArray_Concat(PyObject *a, PyObject *b)
result = (PyByteArrayObject *) \
PyByteArray_FromStringAndSize(NULL, va.len + vb.len);
- if (result != NULL) {
+ // result->ob_bytes is NULL if result is an empty string:
+ // if va.len + vb.len equals zero.
+ if (result != NULL && result->ob_bytes != NULL) {
memcpy(result->ob_bytes, va.buf, va.len);
memcpy(result->ob_bytes + va.len, vb.buf, vb.len);
}
More information about the Python-checkins
mailing list