From 00aebabc7139741fadfe877372c733a2160c7dbd Mon Sep 17 00:00:00 2001 From: "Miss Islington (bot)" <31488909+miss-islington@users.noreply.github.com> Date: Wed, 15 Aug 2018 02:59:11 -0400 Subject: closes bpo-34400: Fix undefined behavior in parsetok(). (GH-4439) Avoid undefined pointer arithmetic with NULL. (cherry picked from commit 7c4ab2afb17b99eb3f61f9c73cbd548b5e0ad2c0) Co-authored-by: Zackery Spytz --- .../next/Core and Builtins/2018-08-14-03-52-43.bpo-34400.AJD0bz.rst | 1 + Parser/parsetok.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) create mode 100644 Misc/NEWS.d/next/Core and Builtins/2018-08-14-03-52-43.bpo-34400.AJD0bz.rst diff --git a/Misc/NEWS.d/next/Core and Builtins/2018-08-14-03-52-43.bpo-34400.AJD0bz.rst b/Misc/NEWS.d/next/Core and Builtins/2018-08-14-03-52-43.bpo-34400.AJD0bz.rst new file mode 100644 index 0000000..768f5a2 --- /dev/null +++ b/Misc/NEWS.d/next/Core and Builtins/2018-08-14-03-52-43.bpo-34400.AJD0bz.rst @@ -0,0 +1 @@ +Fix undefined behavior in parsetok.c. Patch by Zackery Spytz. diff --git a/Parser/parsetok.c b/Parser/parsetok.c index 069cc6b..3189873 100644 --- a/Parser/parsetok.c +++ b/Parser/parsetok.c @@ -176,7 +176,7 @@ parsetok(struct tok_state *tok, grammar *g, int start, perrdetail *err_ret, } else started = 1; - len = b - a; /* XXX this may compute NULL - NULL */ + len = (a != NULL && b != NULL) ? b - a : 0; str = (char *) PyObject_MALLOC(len + 1); if (str == NULL) { fprintf(stderr, "no mem for next token\n"); -- cgit v0.12