summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSergey Fedoseev <fedoseev.sergey@gmail.com>2018-08-25 10:41:58 (GMT)
committerSerhiy Storchaka <storchaka@gmail.com>2018-08-25 10:41:58 (GMT)
commit90555eca44a19c743d39b7fd2e05f7bc37fb5cb8 (patch)
tree3b11e6b721faa5ecc493b416d4587d06ef8aeae7
parent86b89916d1b0a26c1e77f53b68829ca583425054 (diff)
downloadcpython-90555eca44a19c743d39b7fd2e05f7bc37fb5cb8.zip
cpython-90555eca44a19c743d39b7fd2e05f7bc37fb5cb8.tar.gz
cpython-90555eca44a19c743d39b7fd2e05f7bc37fb5cb8.tar.bz2
bpo-34395: Don't free allocated memory on realloc fail in load_mark() in _pickle.c. (GH-8788)
-rw-r--r--Modules/_pickle.c20
1 files changed, 5 insertions, 15 deletions
diff --git a/Modules/_pickle.c b/Modules/_pickle.c
index 39628fc..2de70f5 100644
--- a/Modules/_pickle.c
+++ b/Modules/_pickle.c
@@ -6289,24 +6289,14 @@ load_mark(UnpicklerObject *self)
*/
if (self->num_marks >= self->marks_size) {
- size_t alloc;
-
- /* Use the size_t type to check for overflow. */
- alloc = ((size_t)self->num_marks << 1) + 20;
- if (alloc > (PY_SSIZE_T_MAX / sizeof(Py_ssize_t)) ||
- alloc <= ((size_t)self->num_marks + 1)) {
- PyErr_NoMemory();
- return -1;
- }
-
- Py_ssize_t *marks_old = self->marks;
- PyMem_RESIZE(self->marks, Py_ssize_t, alloc);
- if (self->marks == NULL) {
- PyMem_FREE(marks_old);
- self->marks_size = 0;
+ size_t alloc = ((size_t)self->num_marks << 1) + 20;
+ Py_ssize_t *marks_new = self->marks;
+ PyMem_RESIZE(marks_new, Py_ssize_t, alloc);
+ if (marks_new == NULL) {
PyErr_NoMemory();
return -1;
}
+ self->marks = marks_new;
self->marks_size = (Py_ssize_t)alloc;
}