bpo-34408: Prevent a null pointer dereference and resource leakage in `PyInterpreterState_New()` (GH-8767)
* A pointer in `PyInterpreterState_New()` could have been `NULL` when being dereferenced.
* Memory was leaked in `PyInterpreterState_New()` when taking some error-handling code path.
diff --git a/Misc/NEWS.d/next/Core and Builtins/2018-08-14-22-35-19.bpo-34408.aomWYW.rst b/Misc/NEWS.d/next/Core and Builtins/2018-08-14-22-35-19.bpo-34408.aomWYW.rst
new file mode 100644
index 0000000..aacafd0
--- /dev/null
+++ b/Misc/NEWS.d/next/Core and Builtins/2018-08-14-22-35-19.bpo-34408.aomWYW.rst
@@ -0,0 +1 @@
+Prevent a null pointer dereference and resource leakage in ``PyInterpreterState_New()``.
diff --git a/Python/pystate.c b/Python/pystate.c
index 7a4cd48..7d63f4f 100644
--- a/Python/pystate.c
+++ b/Python/pystate.c
@@ -172,23 +172,27 @@
interp->pyexitmodule = NULL;
HEAD_LOCK();
- interp->next = _PyRuntime.interpreters.head;
- if (_PyRuntime.interpreters.main == NULL) {
- _PyRuntime.interpreters.main = interp;
- }
- _PyRuntime.interpreters.head = interp;
if (_PyRuntime.interpreters.next_id < 0) {
/* overflow or Py_Initialize() not called! */
PyErr_SetString(PyExc_RuntimeError,
"failed to get an interpreter ID");
- /* XXX deallocate! */
+ PyMem_RawFree(interp);
interp = NULL;
} else {
interp->id = _PyRuntime.interpreters.next_id;
_PyRuntime.interpreters.next_id += 1;
+ interp->next = _PyRuntime.interpreters.head;
+ if (_PyRuntime.interpreters.main == NULL) {
+ _PyRuntime.interpreters.main = interp;
+ }
+ _PyRuntime.interpreters.head = interp;
}
HEAD_UNLOCK();
+ if (interp == NULL) {
+ return NULL;
+ }
+
interp->tstate_next_unique_id = 0;
return interp;
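Review bot: `interp->tstate_next_unique_id = 0;` is still assigned after `HEAD_UNLOCK()`, that is, after the else branch has linked `interp` into `_PyRuntime.interpreters.head`. The interpreter is therefore briefly reachable from the global list with that field unset, unless the allocation (outside this hunk) zeroes the struct. Moving the assignment up next to `interp->pyexitmodule = NULL;`, before `HEAD_LOCK()`, would publish only a fully initialised object and let the tail shrink to `HEAD_UNLOCK(); return interp;` with no separate NULL check. Separately, the comment in the error branch says this path can be reached when Py_Initialize() has not run, so it is worth confirming that `PyErr_SetString()` is safe in that state, since it presumably needs a current thread state. The body of PyInterpreterState_New() starts above the hunk, so the allocation and the earlier field setup are not visible here.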