Issue 34457: Missing NULL check in alias_for_import_name() from Python/ast.c

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

This issue has been migrated to GitHub: https://github.com/python/cpython/issues/78638

classification

Title:	Missing NULL check in alias_for_import_name() from Python/ast.c
Type:	behavior	Stage:	resolved
Components:	Interpreter Core	Versions:	Python 3.8, Python 3.7, Python 3.6, Python 2.7

process

Status:	closed	Resolution:	fixed
Dependencies:		Superseder:
Assigned To:		Nosy List:	izbyshev, miss-islington, serhiy.storchaka
Priority:	normal	Keywords:	patch

Created on 2018-08-21 23:37 by izbyshev, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Pull Requests
URL	Status	Linked	Edit
PR 8852	merged	izbyshev, 2018-08-21 23:45
PR 8855	merged	miss-islington, 2018-08-22 04:55
PR 8856	merged	miss-islington, 2018-08-22 04:55
PR 8858	merged	izbyshev, 2018-08-22 11:23

Messages (6)
msg323854 - (view)	Author: Alexey Izbyshev (izbyshev) *	Date: 2018-08-21 23:37
The return value of PyUnicode_InternFromString() is dereferenced without checking at https://github.com/python/cpython/blob/ef8861c112ed1dac9351958c121bc24ca4ecdb08/Python/ast.c#L3256 Reported by Svace static analyzer.
msg323855 - (view)	Author: Alexey Izbyshev (izbyshev) *	Date: 2018-08-21 23:43
The NULL dereference seems to be hard to trigger due to caching for one-character Latin-1 strings, but being safe probably won't hurt.
msg323862 - (view)	Author: Serhiy Storchaka (serhiy.storchaka) *	Date: 2018-08-22 04:55
New changeset 28853a249b1d0c890b7e9ca345290bb8c1756446 by Serhiy Storchaka (Alexey Izbyshev) in branch 'master': bpo-34457: Python/ast.c: Add missing NULL check to alias_for_import_name(). (GH-8852) https://github.com/python/cpython/commit/28853a249b1d0c890b7e9ca345290bb8c1756446
msg323866 - (view)	Author: miss-islington (miss-islington)	Date: 2018-08-22 05:54
New changeset b8e7319d39bf44355bf60f9bbec07cfbbe56739d by Miss Islington (bot) in branch '3.7': bpo-34457: Python/ast.c: Add missing NULL check to alias_for_import_name(). (GH-8852) https://github.com/python/cpython/commit/b8e7319d39bf44355bf60f9bbec07cfbbe56739d
msg323867 - (view)	Author: miss-islington (miss-islington)	Date: 2018-08-22 05:54
New changeset 0ef61ee7b194a1c15747d6bca3cf30a5c581e7e3 by Miss Islington (bot) in branch '3.6': bpo-34457: Python/ast.c: Add missing NULL check to alias_for_import_name(). (GH-8852) https://github.com/python/cpython/commit/0ef61ee7b194a1c15747d6bca3cf30a5c581e7e3
msg323874 - (view)	Author: Serhiy Storchaka (serhiy.storchaka) *	Date: 2018-08-22 11:46
New changeset 5223ce2131a121201a78d0680302ea06c4a58369 by Serhiy Storchaka (Alexey Izbyshev) in branch '2.7': [2.7] bpo-34457: Python/ast.c: Add missing NULL check to alias_for_import_name(). (GH-8852) (GH-8858) https://github.com/python/cpython/commit/5223ce2131a121201a78d0680302ea06c4a58369

History
Date	User	Action	Args
2022-04-11 14:59:05	admin	set	github: 78638
2018-08-22 11:47:23	serhiy.storchaka	set	status: open -> closed stage: patch review -> resolved resolution: fixed versions: - Python 3.4, Python 3.5
2018-08-22 11:46:55	serhiy.storchaka	set	messages: + msg323874
2018-08-22 11:23:56	izbyshev	set	pull_requests: + pull_request8329
2018-08-22 05:54:57	miss-islington	set	messages: + msg323867
2018-08-22 05:54:48	miss-islington	set	nosy: + miss-islington messages: + msg323866
2018-08-22 04:55:32	miss-islington	set	pull_requests: + pull_request8328
2018-08-22 04:55:26	miss-islington	set	pull_requests: + pull_request8327
2018-08-22 04:55:19	serhiy.storchaka	set	messages: + msg323862
2018-08-21 23:45:06	izbyshev	set	keywords: + patch stage: patch review pull_requests: + pull_request8324
2018-08-21 23:43:07	izbyshev	set	messages: + msg323855
2018-08-21 23:37:32	izbyshev	create