[3.7] bpo-34408: Prevent a null pointer dereference and resource leakage in PyInterpreterState_New() (GH-8767) (GH-13237)

* A pointer in `PyInterpreterState_New()` could have been `NULL` when being dereferenced. * Memory was leaked in `PyInterpreterState_New()` when taking some error-handling code path. (cherry picked from commit 95d630e) Co-authored-by: Pablo Galindo <Pablogsal@gmail.com>
2026-04-22 03:41:08 +00:00 · 2019-05-10 21:16:19 +01:00 · 2019-05-10 21:16:19 +01:00 · 34ed40f2e5
commit 34ed40f2e5
parent 069a5b4833
2 changed files with 11 additions and 6 deletions
--- a/Builtins/2018-08-14-22-35-19.bpo-34408.aomWYW.rst
+++ b/Builtins/2018-08-14-22-35-19.bpo-34408.aomWYW.rst
@ -0,0 +1 @@
+Prevent a null pointer dereference and resource leakage in ``PyInterpreterState_New()``.
--- a/Python/pystate.c
+++ b/Python/pystate.c
@ -167,23 +167,27 @@ PyInterpreterState_New(void)
    interp->pyexitmodule = NULL;

    HEAD_LOCK();
-    interp->next = _PyRuntime.interpreters.head;
-    if (_PyRuntime.interpreters.main == NULL) {
-        _PyRuntime.interpreters.main = interp;
-    }
-    _PyRuntime.interpreters.head = interp;
    if (_PyRuntime.interpreters.next_id < 0) {
        /* overflow or Py_Initialize() not called! */
        PyErr_SetString(PyExc_RuntimeError,
                        "failed to get an interpreter ID");
-        /* XXX deallocate! */
+        PyMem_RawFree(interp);
        interp = NULL;
    } else {
        interp->id = _PyRuntime.interpreters.next_id;
        _PyRuntime.interpreters.next_id += 1;
+        interp->next = _PyRuntime.interpreters.head;
+        if (_PyRuntime.interpreters.main == NULL) {
+            _PyRuntime.interpreters.main = interp;
+        }
+        _PyRuntime.interpreters.head = interp;
    }
    HEAD_UNLOCK();

+    if (interp == NULL) {
+        return NULL;
+    }
+
    interp->tstate_next_unique_id = 0;

    return interp;
				`@ -0,0 +1 @@`
				Prevent a null pointer dereference and resource leakage in ``PyInterpreterState_New()``.