From 3de83e9b619e4f5d61772e5d7377819ac12bc136 Mon Sep 17 00:00:00 2001
From: Thomas Heller <theller@ctypes.org>
Date: Tue, 1 Aug 2006 16:54:43 +0000
Subject: Fix a potential segfault and various potentail refcount leaks in the
 cast() function.

---
 Modules/_ctypes/_ctypes.c | 28 +++++++++++++---------------
 1 file changed, 13 insertions(+), 15 deletions(-)

diff --git a/Modules/_ctypes/_ctypes.c b/Modules/_ctypes/_ctypes.c
index 18c2db4..d26ad1d 100644
--- a/Modules/_ctypes/_ctypes.c
+++ b/Modules/_ctypes/_ctypes.c
@@ -4521,32 +4521,30 @@ cast(void *ptr, PyObject *src, PyObject *ctype)
 		if (obj->b_objects == Py_None) {
 			Py_DECREF(Py_None);
 			obj->b_objects = PyDict_New();
-			if (!obj->b_objects) {
-				Py_DECREF(result);
-				return NULL;
-			}
+			if (obj->b_objects == NULL)
+				goto failed;
 		}
-		/* XXX(nnorwitz): shouldn't the INCREF only be done in an else? */
-		Py_INCREF(obj->b_objects);
 		result->b_objects = obj->b_objects;
 		if (result->b_objects) {
-			PyObject *index = PyLong_FromVoidPtr((void *)src);
+			PyObject *index;
 			int rc;
-			if (index == NULL) {
-				Py_DECREF(result);
-				return NULL;
-			}
+			Py_INCREF(obj->b_objects);
+			index = PyLong_FromVoidPtr((void *)src);
+			if (index == NULL)
+				goto failed;
 			rc = PyDict_SetItem(result->b_objects, index, src);
 			Py_DECREF(index);
-			if (rc == -1) {
-				Py_DECREF(result);
-				return NULL;
-			}
+			if (rc == -1)
+				goto failed;
 		}
 	}
 	/* Should we assert that result is a pointer type? */
 	memcpy(result->b_ptr, &ptr, sizeof(void *));
 	return (PyObject *)result;
+
+  failed:
+	Py_DECREF(result);
+	return NULL;
 }
 
 #ifdef CTYPES_UNICODE
-- 
cgit v0.12