The assemble function in compile.c currently looks like this:
    static PyCodeObject *
    assemble(struct compiler *c, int addNone)
    {
        basicblock *b, *entryblock;
        struct assembler a;
        int j, nblocks;
        PyCodeObject *co = NULL;
        PyObject *consts = NULL;
        ...
        for (basicblock *b = c->u->u_blocks; b != NULL; b = b->b_list) {
            if (normalize_basic_block(b)) {
                goto error;
            }
        }
        if (ensure_exits_have_lineno(c)) {
            goto error;
        }
        ...
    error:
        Py_XDECREF(consts);
        assemble_free(&a);
        return co;
    }
If normalize_basic_block or ensure_exits_have_lineno fails, the function will attempt to free a.a_bytecode, which has not yet been initialized, possibly leading to a program crash.
The problematic code was added by commit 5977a7989d49c3e095c7659a58267d87a17b12b1 to fix bpo-42246.
Defect identified by scan-build <https://clang-analyzer.llvm.org/scan-build.html>
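An added example, not CPython's code and not the fix applied upstream: one way to keep a shared error: cleanup safe when an early check can fail before the buffer is allocated. The names asm_state, asm_free, early_pass and assemble_like are hypothetical stand-ins for struct assembler, assemble_free, normalize_basic_block and assemble.

```c
#include <stdlib.h>

/* Hypothetical stand-in for struct assembler; not CPython's definition. */
struct asm_state {
    char *bytecode;   /* owned buffer, released by asm_free() */
    size_t size;
};

static int frees_done = 0;   /* counts non-NULL buffers actually released */

static void asm_free(struct asm_state *a)
{
    if (a->bytecode != NULL) {
        free(a->bytecode);
        frees_done++;
    }
    a->bytecode = NULL;
}

/* Stand-in for an early pass such as normalize_basic_block(). */
static int early_pass(int fail) { return fail ? -1 : 0; }

/* The struct is zeroed at its declaration, before any statement that can
 * jump to `error`, so the shared cleanup only ever sees NULL or a pointer
 * that was really allocated. A bare `struct asm_state a;` would reach
 * asm_free() with an indeterminate a.bytecode on the early-failure path. */
static int assemble_like(int fail_early)
{
    struct asm_state a = {0};
    int rc = -1;

    if (early_pass(fail_early))
        goto error;             /* a.bytecode is still NULL here */

    a.size = 64;
    a.bytecode = malloc(a.size);
    if (a.bytecode == NULL)
        goto error;
    rc = 0;

error:
    asm_free(&a);
    return rc;
}

int main(void)
{
    return (assemble_like(1) == -1 && frees_done == 0) ? 0 : 1;
}
```

Moving the early checks after the point where the struct is initialized closes the same gap; either way, no goto error may precede initialization of everything the cleanup touches.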