diff options
| author | Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> | 2019-09-12 00:04:27 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-09-12 00:04:27 (GMT) |
| commit | a5a7102636de82e0687af7131357762337d49c7c (patch) | |
| tree | 4df73b6e16ff0c31e2cda16590ba5ec4d227f25a | |
| parent | 8af4e0c9942424b0dc6f5e882ce0bbd36f5fbb96 (diff) | |
| download | cpython-a5a7102636de82e0687af7131357762337d49c7c.zip cpython-a5a7102636de82e0687af7131357762337d49c7c.tar.gz cpython-a5a7102636de82e0687af7131357762337d49c7c.tar.bz2 | |
closes bpo-38124: Fix bounds check in PyState_AddModule. (GH-16007)
The >=, checking whether a module index was in already in the module-by-index list, needed to be strict.
Also, fold nested ifs into one and fix some bad spacing.
(cherry picked from commit 39de95b746c990e6a2fe9af5fad01747f58b2e5f)
Co-authored-by: Benjamin Peterson <benjamin@python.org>
| -rw-r--r-- | Misc/NEWS.d/next/Core and Builtins/2019-09-12-00-14-01.bpo-38124.n6E0H7.rst | 2 | ||||
| -rw-r--r-- | Python/pystate.c | 14 |
2 files changed, 8 insertions, 8 deletions
diff --git a/Misc/NEWS.d/next/Core and Builtins/2019-09-12-00-14-01.bpo-38124.n6E0H7.rst b/Misc/NEWS.d/next/Core and Builtins/2019-09-12-00-14-01.bpo-38124.n6E0H7.rst new file mode 100644 index 0000000..dca0ba5 --- /dev/null +++ b/Misc/NEWS.d/next/Core and Builtins/2019-09-12-00-14-01.bpo-38124.n6E0H7.rst @@ -0,0 +1,2 @@ +Fix an off-by-one error in PyState_AddModule that could cause out-of-bounds +memory access. diff --git a/Python/pystate.c b/Python/pystate.c index 8f30c94..f2924a8 100644 --- a/Python/pystate.c +++ b/Python/pystate.c @@ -685,7 +685,7 @@ _PyState_AddModule(PyObject* module, struct PyModuleDef* def) if (!state->modules_by_index) return -1; } - while(PyList_GET_SIZE(state->modules_by_index) <= def->m_base.m_index) + while (PyList_GET_SIZE(state->modules_by_index) <= def->m_base.m_index) if (PyList_Append(state->modules_by_index, Py_None) < 0) return -1; Py_INCREF(module); @@ -703,13 +703,11 @@ PyState_AddModule(PyObject* module, struct PyModuleDef* def) return -1; } index = def->m_base.m_index; - if (state->modules_by_index) { - if(PyList_GET_SIZE(state->modules_by_index) >= index) { - if(module == PyList_GET_ITEM(state->modules_by_index, index)) { - Py_FatalError("PyState_AddModule: Module already added!"); - return -1; - } - } + if (state->modules_by_index && + index < PyList_GET_SIZE(state->modules_by_index) && + module == PyList_GET_ITEM(state->modules_by_index, index)) { + Py_FatalError("PyState_AddModule: Module already added!"); + return -1; } return _PyState_AddModule(module, def); } |