Title: Bad free in assemble function
Type: crash Stage: patch review
Components: Interpreter Core Versions: Python 3.10
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: Mark.Shannon, alex.henrie
Priority: normal Keywords: patch

Created on 2021-03-02 01:38 by alex.henrie, last changed 2021-03-02 10:20 by Mark.Shannon.

Pull Requests
URL Status Linked Edit
PR 24697 merged alex.henrie, 2021-03-02 01:39
Messages (2)
msg387893 - (view) Author: Alex Henrie (alex.henrie) * Date: 2021-03-02 01:38
The assemble function in compile.c currently looks like this:

    static PyCodeObject *
    assemble(struct compiler *c, int addNone)
        basicblock *b, *entryblock;
        struct assembler a;
        int j, nblocks;
        PyCodeObject *co = NULL;
        PyObject *consts = NULL;


        for (basicblock *b = c->u->u_blocks; b != NULL; b = b->b_list) {
            if (normalize_basic_block(b)) {
                goto error;

        if (ensure_exits_have_lineno(c)) {
            goto error;


        return co;

If normalize_basic_block or ensure_exits_have_lineno fails, the function will attempt to free a.a_bytecode, which has not yet been initialized, possibly leading to a program crash.

The problematic code was added by commit 5977a7989d49c3e095c7659a58267d87a17b12b1 to fix bpo-42246.

Defect identified by scan-build <>
msg387903 - (view) Author: Mark Shannon (Mark.Shannon) * (Python committer) Date: 2021-03-02 10:20
New changeset 503627fc2acb875b4c7b58a7f6e258cfcbad054b by Alex Henrie in branch 'master':
bpo-43358: Fix bad free in assemble function (GH-24697)
Date User Action Args
2021-03-02 10:20:36Mark.Shannonsetmessages: + msg387903
2021-03-02 01:50:29ammar2setnosy: + Mark.Shannon
2021-03-02 01:39:37alex.henriesetkeywords: + patch
stage: patch review
pull_requests: + pull_request23474
2021-03-02 01:38:32alex.henriecreate