Message 301222 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	barry
Recipients	barry
Date	2017-09-04.16:43:32
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1504543412.14.0.655487959923.issue31337@psf.upfronthosting.co.za>
In-reply-to

Content
There is a very minor opportunity for NULL dereference in compile.c. compiler_subdict() does not check the return value of get_const_value(), which could be NULL. This was found by Kirit Sankar Gupta. This is not a security issue in practice, since compiler_subdict() calls are_all_items_const() before it gets to the call, so the condition which triggers get_const_value() to return NULL will never happen (i.e. the default: clause of get_const_value()). Still, it can't hurt to be more correct in case the conditions which are implicitly assumed could change. Plus the fix is super easy, so why not do it?

There is a very minor opportunity for NULL dereference in compile.c.  compiler_subdict() does not check the return value of get_const_value(), which could be NULL.  This was found by Kirit Sankar Gupta.

This is not a security issue in practice, since compiler_subdict() calls are_all_items_const() before it gets to the call, so the condition which triggers get_const_value() to return NULL will never happen (i.e. the default: clause of get_const_value()).  Still, it can't hurt to be more correct in case the conditions which are implicitly assumed could change.  Plus the fix is super easy, so why not do it?

History
Date	User	Action	Args
2017-09-04 16:43:32	barry	set	recipients: + barry
2017-09-04 16:43:32	barry	set	messageid: <1504543412.14.0.655487959923.issue31337@psf.upfronthosting.co.za>
2017-09-04 16:43:32	barry	link	issue31337 messages
2017-09-04 16:43:32	barry	create