commit ae02a929ddd748b67b3e6f6c6665267f031142e7
author Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> Sun Nov 18 08:58:20 2018 -0800
committer GitHub <noreply@github.com> Sun Nov 18 08:58:20 2018 -0800
tree 7ae5c1c1d0e57dad2de8ba348e7e9494c120f192
parent e851049e0e045b5e0f9d5c6b8a64d7f6b8ecc9c7

bpo-35269: Fix a possible segfault involving a newly-created coroutine (GH-10585)


coro->cr_origin wasn't initialized if compute_cr_origin() failed in
PyCoro_New(), which would cause a crash during the coroutine's
deallocation.

https://bugs.python.org/issue35269
(cherry picked from commit 062a57bf4b768ef726975bcc1d34398387520147)

Co-authored-by: Zackery Spytz <zspytz@gmail.com>

Misc/NEWS.d/next/Core and Builtins/2018-11-17-10-18-29.bpo-35269.gjm1LO.rst

diff --git a/Misc/NEWS.d/next/Core and Builtins/2018-11-17-10-18-29.bpo-35269.gjm1LO.rst b/Misc/NEWS.d/next/Core and Builtins/2018-11-17-10-18-29.bpo-35269.gjm1LO.rst
new file mode 100644
index 0000000..0076346
--- /dev/null
+++ b/Misc/NEWS.d/next/Core and Builtins/2018-11-17-10-18-29.bpo-35269.gjm1LO.rst
@@ -0,0 +1,2 @@
+Fix a possible segfault involving a newly-created coroutine.  Patch by
+Zackery Spytz.

Objects/genobject.c

diff --git a/Objects/genobject.c b/Objects/genobject.c
index e91d111..793a809 100644
--- a/Objects/genobject.c
+++ b/Objects/genobject.c
@@ -1166,11 +1166,11 @@
         ((PyCoroObject *)coro)->cr_origin = NULL;
     } else {
         PyObject *cr_origin = compute_cr_origin(origin_depth);
+        ((PyCoroObject *)coro)->cr_origin = cr_origin;
         if (!cr_origin) {
             Py_DECREF(coro);
             return NULL;
         }
-        ((PyCoroObject *)coro)->cr_origin = cr_origin;
     }
 
     return coro;