[Python-checkins] bpo-42143: Ensure PyFunction_NewWithQualName() can't fail after creating the func object (GH-22953)

miss-islington webhook-mailer at python.org
Thu Oct 29 06:24:17 EDT 2020 

https://github.com/python/cpython/commit/9ede1b071bf5250ba5f2d04d7ba86a24c06d41a1
commit: 9ede1b071bf5250ba5f2d04d7ba86a24c06d41a1
branch: 3.8
author: Miss Skeleton (bot) <31488909+miss-islington at users.noreply.github.com>
committer: miss-islington <31488909+miss-islington at users.noreply.github.com>
date: 2020-10-29T03:24:12-07:00
summary:

bpo-42143: Ensure PyFunction_NewWithQualName() can't fail after creating the func object (GH-22953)


func_dealloc() does not handle partially-created objects. Best not to give it any.
(cherry picked from commit 350526105fa9b131d8b941ae753378b741dabb2f)

Co-authored-by: Yonatan Goldschmidt <yon.goldschmidt at gmail.com>

files:
A Misc/NEWS.d/next/Core and Builtins/2020-10-27-21-34-05.bpo-42143.N6KXUO.rst
M Objects/funcobject.c

diff --git a/Misc/NEWS.d/next/Core and Builtins/2020-10-27-21-34-05.bpo-42143.N6KXUO.rst b/Misc/NEWS.d/next/Core and Builtins/2020-10-27-21-34-05.bpo-42143.N6KXUO.rst
new file mode 100644
index 0000000000000..2b16e69da73b5
--- /dev/null
+++ b/Misc/NEWS.d/next/Core and Builtins/2020-10-27-21-34-05.bpo-42143.N6KXUO.rst	
@@ -0,0 +1,2 @@
+Fix handling of errors during creation of ``PyFunctionObject``, which resulted
+in operations on uninitialized memory. Patch by Yonatan Goldschmidt.
diff --git a/Objects/funcobject.c b/Objects/funcobject.c
index df5cc2d3f5702..0fc4e127081bf 100644
--- a/Objects/funcobject.c
+++ b/Objects/funcobject.c
@@ -22,9 +22,23 @@ PyFunction_NewWithQualName(PyObject *code, PyObject *globals, PyObject *qualname
             return NULL;
     }
 
+    /* __module__: If module name is in globals, use it.
+       Otherwise, use None. */
+    module = PyDict_GetItemWithError(globals, __name__);
+    if (module) {
+        Py_INCREF(module);
+    }
+    else if (PyErr_Occurred()) {
+        return NULL;
+    }
+
     op = PyObject_GC_New(PyFunctionObject, &PyFunction_Type);
-    if (op == NULL)
+    if (op == NULL) {
+        Py_XDECREF(module);
         return NULL;
+    }
+    /* Note: No failures from this point on, since func_dealloc() does not
+       expect a partially-created object. */
 
     op->func_weakreflist = NULL;
     Py_INCREF(code);
@@ -37,6 +51,7 @@ PyFunction_NewWithQualName(PyObject *code, PyObject *globals, PyObject *qualname
     op->func_kwdefaults = NULL; /* No keyword only defaults */
     op->func_closure = NULL;
     op->vectorcall = _PyFunction_Vectorcall;
+    op->func_module = module;
 
     consts = ((PyCodeObject *)code)->co_consts;
     if (PyTuple_Size(consts) >= 1) {
@@ -50,20 +65,8 @@ PyFunction_NewWithQualName(PyObject *code, PyObject *globals, PyObject *qualname
     op->func_doc = doc;
 
     op->func_dict = NULL;
-    op->func_module = NULL;
     op->func_annotations = NULL;
 
-    /* __module__: If module name is in globals, use it.
-       Otherwise, use None. */
-    module = PyDict_GetItemWithError(globals, __name__);
-    if (module) {
-        Py_INCREF(module);
-        op->func_module = module;
-    }
-    else if (PyErr_Occurred()) {
-        Py_DECREF(op);
-        return NULL;
-    }
     if (qualname)
         op->func_qualname = qualname;
     else

More information about the Python-checkins mailing list