Issue 34474: Python/bltinmodule.c: Missing NULL check in builtin_sum_impl()

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

This issue has been migrated to GitHub: https://github.com/python/cpython/issues/78655

classification

Title:	Python/bltinmodule.c: Missing NULL check in builtin_sum_impl()
Type:	behavior	Stage:	resolved
Components:	Interpreter Core	Versions:	Python 3.8, Python 3.7, Python 3.6, Python 2.7

process

Status:	closed	Resolution:	fixed
Dependencies:		Superseder:
Assigned To:		Nosy List:	benjamin.peterson, berker.peksag, izbyshev, miss-islington, pitrou, serhiy.storchaka
Priority:	normal	Keywords:	patch

Created on 2018-08-23 14:04 by izbyshev, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Pull Requests
URL	Status	Linked	Edit
PR 8872	merged	izbyshev, 2018-08-23 14:07
PR 8889	merged	miss-islington, 2018-08-24 04:28
PR 8890	merged	miss-islington, 2018-08-24 04:28
PR 8891	merged	miss-islington, 2018-08-24 04:28

Messages (6)
msg323946 - (view)	Author: Alexey Izbyshev (izbyshev) *	Date: 2018-08-23 14:04
The return value of PyFloat_FromDouble() at https://github.com/python/cpython/blob/48ce4897f8f8d91d948ecd1241ffab002df2be9e/Python/bltinmodule.c#L2403 is not checked for NULL and then dereferenced. Reported by Svace static analyzer. A similar issue in an 'if' statement above was fixed in #18560. Note that 2.7 is affected by both issues, so I can fix both if needed.
msg323948 - (view)	Author: Berker Peksag (berker.peksag) *	Date: 2018-08-23 14:34
Personally I wouldn't bother fixing 2.7, but let's see what other core devs think.
msg323984 - (view)	Author: Benjamin Peterson (benjamin.peterson) *	Date: 2018-08-24 04:27
New changeset 2b824b2538c4a5f9f520c5de8a1eae5a0c181a94 by Benjamin Peterson (Alexey Izbyshev) in branch 'master': closes bpo-34474: Python/bltinmodule.c: Add missing NULL check in builtin_sum_impl() (GH-8872) https://github.com/python/cpython/commit/2b824b2538c4a5f9f520c5de8a1eae5a0c181a94
msg323990 - (view)	Author: miss-islington (miss-islington)	Date: 2018-08-24 04:59
New changeset a59036365b304d43bba0f050fa9a7d76100e0ae1 by Miss Islington (bot) in branch '3.7': closes bpo-34474: Python/bltinmodule.c: Add missing NULL check in builtin_sum_impl() (GH-8872) https://github.com/python/cpython/commit/a59036365b304d43bba0f050fa9a7d76100e0ae1
msg323991 - (view)	Author: miss-islington (miss-islington)	Date: 2018-08-24 05:11
New changeset 7d470f3f24d0c091cf1da4f13695c6bb3200a713 by Miss Islington (bot) in branch '3.6': closes bpo-34474: Python/bltinmodule.c: Add missing NULL check in builtin_sum_impl() (GH-8872) https://github.com/python/cpython/commit/7d470f3f24d0c091cf1da4f13695c6bb3200a713
msg323992 - (view)	Author: miss-islington (miss-islington)	Date: 2018-08-24 05:13
New changeset 45ee452751d095d665717bafb61cfd7c65b729b4 by Miss Islington (bot) in branch '2.7': closes bpo-34474: Python/bltinmodule.c: Add missing NULL check in builtin_sum_impl() (GH-8872) https://github.com/python/cpython/commit/45ee452751d095d665717bafb61cfd7c65b729b4

History
Date	User	Action	Args
2022-04-11 14:59:05	admin	set	github: 78655
2018-08-24 05:13:21	miss-islington	set	messages: + msg323992
2018-08-24 05:11:00	miss-islington	set	messages: + msg323991
2018-08-24 04:59:19	miss-islington	set	nosy: + miss-islington messages: + msg323990
2018-08-24 04:28:14	miss-islington	set	pull_requests: + pull_request8364
2018-08-24 04:28:08	miss-islington	set	pull_requests: + pull_request8363
2018-08-24 04:28:02	miss-islington	set	pull_requests: + pull_request8362
2018-08-24 04:27:55	benjamin.peterson	set	status: open -> closed nosy: + benjamin.peterson messages: + msg323984 resolution: fixed stage: patch review -> resolved
2018-08-23 14:34:33	berker.peksag	set	messages: + msg323948
2018-08-23 14:07:27	izbyshev	set	keywords: + patch stage: patch review pull_requests: + pull_request8350
2018-08-23 14:04:14	izbyshev	create