Issue #18560: Fix potential NULL pointer dereference in sum()

2 files changed, 7 insertions, 0 deletions

diff --git a/Misc/NEWS b/Misc/NEWS
index 2f387e7..10ea9f7 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -10,6 +10,8 @@ What's New in Python 3.4.0 Alpha 1?
 Core and Builtins
 -----------------
 
+- Issue #18560: Fix potential NULL pointer dereference in sum().
+
 - Issue #18520: Add a new PyStructSequence_InitType2() function, same than
   PyStructSequence_InitType() except that it has a return value (0 on success,
   -1 on error).
diff --git a/Python/bltinmodule.c b/Python/bltinmodule.c
index 06d71f7..fb3abae 100644
--- a/Python/bltinmodule.c
+++ b/Python/bltinmodule.c
@@ -2030,6 +2030,11 @@ builtin_sum(PyObject *self, PyObject *args)
             }
             /* Either overflowed or is not an int. Restore real objects and process normally */
             result = PyLong_FromLong(i_result);
+            if (result == NULL) {
+                Py_DECREF(item);
+                Py_DECREF(iter);
+                return NULL;
+            }
             temp = PyNumber_Add(result, item);
             Py_DECREF(result);
             Py_DECREF(item);