From dd9d781da30aa3740e54c063a40413c542d78c25 Mon Sep 17 00:00:00 2001 From: denballakh <47365157+denballakh@users.noreply.github.com> Date: Sun, 8 Oct 2023 03:04:51 +0300 Subject: gh-110237: Check `PyList_Append` for errors in `_PyEval_MatchClass` (#110238) --- .../2023-10-02-23-17-08.gh-issue-110237._Xub0z.rst | 1 + Python/ceval.c | 14 +++++++++++--- 2 files changed, 12 insertions(+), 3 deletions(-) create mode 100644 Misc/NEWS.d/next/Core and Builtins/2023-10-02-23-17-08.gh-issue-110237._Xub0z.rst diff --git a/Misc/NEWS.d/next/Core and Builtins/2023-10-02-23-17-08.gh-issue-110237._Xub0z.rst b/Misc/NEWS.d/next/Core and Builtins/2023-10-02-23-17-08.gh-issue-110237._Xub0z.rst new file mode 100644 index 0000000..67b95c5 --- /dev/null +++ b/Misc/NEWS.d/next/Core and Builtins/2023-10-02-23-17-08.gh-issue-110237._Xub0z.rst @@ -0,0 +1 @@ +Fix missing error checks for calls to ``PyList_Append`` in ``_PyEval_MatchClass``. diff --git a/Python/ceval.c b/Python/ceval.c index cae29e0..ac40425 100644 --- a/Python/ceval.c +++ b/Python/ceval.c @@ -506,7 +506,9 @@ _PyEval_MatchClass(PyThreadState *tstate, PyObject *subject, PyObject *type, } if (match_self) { // Easy. Copy the subject itself, and move on to kwargs. - PyList_Append(attrs, subject); + if (PyList_Append(attrs, subject) < 0) { + goto fail; + } } else { for (Py_ssize_t i = 0; i < nargs; i++) { @@ -522,7 +524,10 @@ _PyEval_MatchClass(PyThreadState *tstate, PyObject *subject, PyObject *type, if (attr == NULL) { goto fail; } - PyList_Append(attrs, attr); + if (PyList_Append(attrs, attr) < 0) { + Py_DECREF(attr); + goto fail; + } Py_DECREF(attr); } } @@ -535,7 +540,10 @@ _PyEval_MatchClass(PyThreadState *tstate, PyObject *subject, PyObject *type, if (attr == NULL) { goto fail; } - PyList_Append(attrs, attr); + if (PyList_Append(attrs, attr) < 0) { + Py_DECREF(attr); + goto fail; + } Py_DECREF(attr); } Py_SETREF(attrs, PyList_AsTuple(attrs)); -- cgit v0.12