Issue #18560: Fix potential NULL pointer dereference in sum()

2 files changed, 7 insertions, 0 deletions

diff --git a/Misc/NEWS b/Misc/NEWS
index 24b0c53..505fab5 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -12,6 +12,8 @@ What's New in Python 3.3.3 release candidate 1?
 Core and Builtins
 -----------------
 
+- Issue #18560: Fix potential NULL pointer dereference in sum().
+
 - Issue #15905: Fix theoretical buffer overflow in handling of sys.argv[0],
   prefix and exec_prefix if the operation system does not obey MAXPATHLEN.
 
diff --git a/Python/bltinmodule.c b/Python/bltinmodule.c
index 4fe8dac..b07ee8e 100644
--- a/Python/bltinmodule.c
+++ b/Python/bltinmodule.c
@@ -2009,6 +2009,11 @@ builtin_sum(PyObject *self, PyObject *args)
             }
             /* Either overflowed or is not an int. Restore real objects and process normally */
             result = PyLong_FromLong(i_result);
+            if (result == NULL) {
+                Py_DECREF(item);
+                Py_DECREF(iter);
+                return NULL;
+            }
             temp = PyNumber_Add(result, item);
             Py_DECREF(result);
             Py_DECREF(item);