From 0516f81828887a8ec34a3d5ed342dd396f367dcd Mon Sep 17 00:00:00 2001
From: Zackery Spytz
Date: Mon, 25 Mar 2019 08:15:36 -0600
Subject: [2.7] bpo-36421: Fix ref counting bugs in _ctypes.c's PyCArrayType_new(). (GH-12534)
Add missing Py_DECREF()s.
---
 Modules/_ctypes/_ctypes.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/Modules/_ctypes/_ctypes.c b/Modules/_ctypes/_ctypes.c
index 8abcd30..3a3aabb 100644
--- a/Modules/_ctypes/_ctypes.c
+++ b/Modules/_ctypes/_ctypes.c
@@ -1537,6 +1537,7 @@ PyCArrayType_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
 if (length * itemsize < 0) {
 PyErr_SetString(PyExc_OverflowError, "array too large");
+ Py_DECREF(stgdict);
 return NULL;
 }
@@ -1559,8 +1560,10 @@ PyCArrayType_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
 /* create the new instance (which is a class, since we are a metatype!) */
 result = (PyTypeObject *)PyType_Type.tp_new(type, args, kwds);
- if (result == NULL)
+ if (result == NULL) {
+ Py_DECREF(stgdict);
 return NULL;
+ }
 /* replace the class dict by our updated spam dict */
 if (-1 == PyDict_Update((PyObject *)stgdict, result->tp_dict)) {
@@ -1574,12 +1577,16 @@ PyCArrayType_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
 A permanent annoyance: char arrays are also strings! */
 if (itemdict->getfunc == _ctypes_get_fielddesc("c")->getfunc) {
- if (-1 == add_getset(result, CharArray_getsets))
+ if (-1 == add_getset(result, CharArray_getsets)) {
+ Py_DECREF(result);
 return NULL;
+ }
 #ifdef CTYPES_UNICODE
 } else if (itemdict->getfunc == _ctypes_get_fielddesc("u")->getfunc) {
- if (-1 == add_getset(result, WCharArray_getsets))
+ if (-1 == add_getset(result, WCharArray_getsets)) {
+ Py_DECREF(result);
 return NULL;
+ }
 #endif
 }
-- cgit v0.12
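Review bot: The guard in the first hunk, `if (length * itemsize < 0)`, tests for overflow only after the multiplication has happened, and signed overflow is undefined behaviour in C. A wrapped product can also come out non-negative and pass the test, so later code would see an array size smaller than the real one. The added `Py_DECREF(stgdict)` fixes the leak on this path but leaves the check unchanged. Assuming both operands are signed size values (their declarations are outside the hunk), the test should divide before multiplying, for example `if (itemsize != 0 && length > PY_SSIZE_T_MAX / itemsize) {`, with the limit chosen to match the operand type and a negative `length` rejected separately if that is not already done earlier in the function.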
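Review bot: The two error paths in the third hunk release `result`, while the paths in the first two hunks release `stgdict`, and no comment explains the difference. The reason appears to be that `stgdict` has replaced the class dict of `result` in the lines between the hunks (not shown), so from that point `result` holds the reference and a separate `Py_DECREF(stgdict)` would be a double release. A comment at the first `add_getset` failure would stop a later edit from changing it the wrong way: `/* result owns stgdict from here on; do not DECREF stgdict separately */`. The function begins and ends outside the hunk, so the hand-over itself should be confirmed against the full body.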