Skip to content

C
cpython
Commit 90555eca authored by Sergey Fedoseev's avatar Sergey Fedoseev Committed by Serhiy Storchaka
Browse files
Options

bpo-34395: Don't free allocated memory on realloc fail in load_mark() in _pickle.c. (GH-8788)

parent 86b89916
Hide whitespace changes
Inline Side-by-side
Showing with 5 additions and 15 deletions
Modules/_pickle.c
View file @ 90555eca
......@@ -6289,24 +6289,14 @@ load_mark(UnpicklerObject *self)
*/
if (self->num_marks >= self->marks_size) {
size_t alloc;
/* Use the size_t type to check for overflow. */
alloc = ((size_t)self->num_marks << 1) + 20;
if (alloc > (PY_SSIZE_T_MAX / sizeof(Py_ssize_t)) ||
alloc <= ((size_t)self->num_marks + 1)) {
PyErr_NoMemory();
return -1;
}
Py_ssize_t *marks_old = self->marks;
PyMem_RESIZE(self->marks, Py_ssize_t, alloc);
if (self->marks == NULL) {
PyMem_FREE(marks_old);
self->marks_size = 0;
size_t alloc = ((size_t)self->num_marks << 1) + 20;
Py_ssize_t *marks_new = self->marks;
PyMem_RESIZE(marks_new, Py_ssize_t, alloc);
if (marks_new == NULL) {
PyErr_NoMemory();
return -1;
}
self->marks = marks_new;
self->marks_size = (Py_ssize_t)alloc;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7