From 600883f645aa287f8d96900acef5459d58797811 Mon Sep 17 00:00:00 2001 From: denballakh Date: Mon, 2 Oct 2023 23:17:57 +0300 Subject: [PATCH 1/3] Check `PyList_Append` for errors in `_PyEval_MatchClass` --- .../2023-10-02-23-17-08.gh-issue-110237._Xub0z.rst | 1 + Python/ceval.c | 14 +++++++++++--- 2 files changed, 12 insertions(+), 3 deletions(-) create mode 100644 Misc/NEWS.d/next/Core and Builtins/2023-10-02-23-17-08.gh-issue-110237._Xub0z.rst diff --git a/Misc/NEWS.d/next/Core and Builtins/2023-10-02-23-17-08.gh-issue-110237._Xub0z.rst b/Misc/NEWS.d/next/Core and Builtins/2023-10-02-23-17-08.gh-issue-110237._Xub0z.rst new file mode 100644 index 00000000000000..58787da0bee89e --- /dev/null +++ b/Misc/NEWS.d/next/Core and Builtins/2023-10-02-23-17-08.gh-issue-110237._Xub0z.rst @@ -0,0 +1 @@ +Check `PyList_Append` for errors in `_PyEval_MatchClass` diff --git a/Python/ceval.c b/Python/ceval.c index cae29e061ce5d3..7464da84149466 100644 --- a/Python/ceval.c +++ b/Python/ceval.c @@ -506,7 +506,9 @@ _PyEval_MatchClass(PyThreadState *tstate, PyObject *subject, PyObject *type, } if (match_self) { // Easy. Copy the subject itself, and move on to kwargs. - PyList_Append(attrs, subject); + if (PyList_Append(attrs, subject) == -1) { + goto fail; + } } else { for (Py_ssize_t i = 0; i < nargs; i++) { @@ -522,7 +524,10 @@ _PyEval_MatchClass(PyThreadState *tstate, PyObject *subject, PyObject *type, if (attr == NULL) { goto fail; } - PyList_Append(attrs, attr); + if (PyList_Append(attrs, attr) == -1) { + Py_DECREF(attr); + goto fail; + } Py_DECREF(attr); } } @@ -535,7 +540,10 @@ _PyEval_MatchClass(PyThreadState *tstate, PyObject *subject, PyObject *type, if (attr == NULL) { goto fail; } - PyList_Append(attrs, attr); + if (PyList_Append(attrs, attr) == -1) { + Py_DECREF(attr); + goto fail; + } Py_DECREF(attr); } Py_SETREF(attrs, PyList_AsTuple(attrs)); From 794c5dffec3a5432eed04a2f34c177b505459bd3 Mon Sep 17 00:00:00 2001 From: denballakh Date: Mon, 2 Oct 2023 23:26:26 +0300 Subject: [PATCH 2/3] update news entry --- .../2023-10-02-23-17-08.gh-issue-110237._Xub0z.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Misc/NEWS.d/next/Core and Builtins/2023-10-02-23-17-08.gh-issue-110237._Xub0z.rst b/Misc/NEWS.d/next/Core and Builtins/2023-10-02-23-17-08.gh-issue-110237._Xub0z.rst index 58787da0bee89e..67b95c52f7e4da 100644 --- a/Misc/NEWS.d/next/Core and Builtins/2023-10-02-23-17-08.gh-issue-110237._Xub0z.rst +++ b/Misc/NEWS.d/next/Core and Builtins/2023-10-02-23-17-08.gh-issue-110237._Xub0z.rst @@ -1 +1 @@ -Check `PyList_Append` for errors in `_PyEval_MatchClass` +Fix missing error checks for calls to ``PyList_Append`` in ``_PyEval_MatchClass``. From 57ff2b395aed69faabf8f384c7ae0414bd08f2b9 Mon Sep 17 00:00:00 2001 From: denballakh Date: Mon, 2 Oct 2023 23:31:23 +0300 Subject: [PATCH 3/3] change `== -1` to `< 0` --- Python/ceval.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Python/ceval.c b/Python/ceval.c index 7464da84149466..ac40425263931f 100644 --- a/Python/ceval.c +++ b/Python/ceval.c @@ -506,7 +506,7 @@ _PyEval_MatchClass(PyThreadState *tstate, PyObject *subject, PyObject *type, } if (match_self) { // Easy. Copy the subject itself, and move on to kwargs. - if (PyList_Append(attrs, subject) == -1) { + if (PyList_Append(attrs, subject) < 0) { goto fail; } } @@ -524,7 +524,7 @@ _PyEval_MatchClass(PyThreadState *tstate, PyObject *subject, PyObject *type, if (attr == NULL) { goto fail; } - if (PyList_Append(attrs, attr) == -1) { + if (PyList_Append(attrs, attr) < 0) { Py_DECREF(attr); goto fail; } @@ -540,7 +540,7 @@ _PyEval_MatchClass(PyThreadState *tstate, PyObject *subject, PyObject *type, if (attr == NULL) { goto fail; } - if (PyList_Append(attrs, attr) == -1) { + if (PyList_Append(attrs, attr) < 0) { Py_DECREF(attr); goto fail; }