From 41a9f49bc5d52b44386fe44ed6a1983bd2cd65cc Mon Sep 17 00:00:00 2001
From: "Miss Islington (bot)"
 <31488909+miss-islington@users.noreply.github.com>
Date: Thu, 3 Nov 2022 11:09:15 -0700
Subject: gh-98978: Fix Py_SetPythonHome(NULL) (GH-99066)

Fix use-after-free in Py_SetPythonHome(NULL), Py_SetProgramName(NULL)
and _Py_SetProgramFullPath(NULL) function calls.

Issue reported by Benedikt Reinartz.
(cherry picked from commit b07f546ea3a574bc3016fb023c157c65a47f4849)

Co-authored-by: Victor Stinner <vstinner@python.org>
---
 .../NEWS.d/next/C API/2022-11-03-17-46-41.gh-issue-98978.KJjBvv.rst | 3 +++
 Python/pathconfig.c                                                 | 6 ++++++
 2 files changed, 9 insertions(+)
 create mode 100644 Misc/NEWS.d/next/C API/2022-11-03-17-46-41.gh-issue-98978.KJjBvv.rst

diff --git a/Misc/NEWS.d/next/C API/2022-11-03-17-46-41.gh-issue-98978.KJjBvv.rst b/Misc/NEWS.d/next/C API/2022-11-03-17-46-41.gh-issue-98978.KJjBvv.rst
new file mode 100644
index 0000000..b967272
--- /dev/null
+++ b/Misc/NEWS.d/next/C API/2022-11-03-17-46-41.gh-issue-98978.KJjBvv.rst	
@@ -0,0 +1,3 @@
+Fix use-after-free in ``Py_SetPythonHome(NULL)``,
+``Py_SetProgramName(NULL)`` and ``_Py_SetProgramFullPath(NULL)`` function
+calls. Issue reported by Benedikt Reinartz. Patch by Victor Stinner.
diff --git a/Python/pathconfig.c b/Python/pathconfig.c
index 69b7e10..be0f97c 100644
--- a/Python/pathconfig.c
+++ b/Python/pathconfig.c
@@ -261,6 +261,8 @@ Py_SetPythonHome(const wchar_t *home)
     _PyMem_SetDefaultAllocator(PYMEM_DOMAIN_RAW, &old_alloc);
 
     PyMem_RawFree(_Py_path_config.home);
+    _Py_path_config.home = NULL;
+
     if (has_value) {
         _Py_path_config.home = _PyMem_RawWcsdup(home);
     }
@@ -282,6 +284,8 @@ Py_SetProgramName(const wchar_t *program_name)
     _PyMem_SetDefaultAllocator(PYMEM_DOMAIN_RAW, &old_alloc);
 
     PyMem_RawFree(_Py_path_config.program_name);
+    _Py_path_config.program_name = NULL;
+
     if (has_value) {
         _Py_path_config.program_name = _PyMem_RawWcsdup(program_name);
     }
@@ -302,6 +306,8 @@ _Py_SetProgramFullPath(const wchar_t *program_full_path)
     _PyMem_SetDefaultAllocator(PYMEM_DOMAIN_RAW, &old_alloc);
 
     PyMem_RawFree(_Py_path_config.program_full_path);
+    _Py_path_config.program_full_path = NULL;
+
     if (has_value) {
         _Py_path_config.program_full_path = _PyMem_RawWcsdup(program_full_path);
     }
-- 
cgit v0.12