diff options
author | Sergey Fedoseev <fedoseev.sergey@gmail.com> | 2018-08-25 10:41:58 (GMT) |
---|---|---|
committer | Serhiy Storchaka <storchaka@gmail.com> | 2018-08-25 10:41:58 (GMT) |
commit | 90555eca44a19c743d39b7fd2e05f7bc37fb5cb8 (patch) | |
tree | 3b11e6b721faa5ecc493b416d4587d06ef8aeae7 | |
parent | 86b89916d1b0a26c1e77f53b68829ca583425054 (diff) | |
download | cpython-90555eca44a19c743d39b7fd2e05f7bc37fb5cb8.zip cpython-90555eca44a19c743d39b7fd2e05f7bc37fb5cb8.tar.gz cpython-90555eca44a19c743d39b7fd2e05f7bc37fb5cb8.tar.bz2 |
bpo-34395: Don't free allocated memory on realloc fail in load_mark() in _pickle.c. (GH-8788)
-rw-r--r-- | Modules/_pickle.c | 20 |
1 files changed, 5 insertions, 15 deletions
diff --git a/Modules/_pickle.c b/Modules/_pickle.c index 39628fc..2de70f5 100644 --- a/Modules/_pickle.c +++ b/Modules/_pickle.c @@ -6289,24 +6289,14 @@ load_mark(UnpicklerObject *self) */ if (self->num_marks >= self->marks_size) { - size_t alloc; - - /* Use the size_t type to check for overflow. */ - alloc = ((size_t)self->num_marks << 1) + 20; - if (alloc > (PY_SSIZE_T_MAX / sizeof(Py_ssize_t)) || - alloc <= ((size_t)self->num_marks + 1)) { - PyErr_NoMemory(); - return -1; - } - - Py_ssize_t *marks_old = self->marks; - PyMem_RESIZE(self->marks, Py_ssize_t, alloc); - if (self->marks == NULL) { - PyMem_FREE(marks_old); - self->marks_size = 0; + size_t alloc = ((size_t)self->num_marks << 1) + 20; + Py_ssize_t *marks_new = self->marks; + PyMem_RESIZE(marks_new, Py_ssize_t, alloc); + if (marks_new == NULL) { PyErr_NoMemory(); return -1; } + self->marks = marks_new; self->marks_size = (Py_ssize_t)alloc; } |