This repository has been archived by the owner on Oct 27, 2022. It is now read-only.

psutil: Fix for CVE-2019-18874
giampaolo/psutil#1616
giampaolo/psutil@7d512c8

CVE fix commit message by Riccardo Schirone:
Use Py_CLEAR instead of Py_DECREF to also set the variable to NULL

These files contain loops that convert system data into python objects
and during the process they create objects and dereference their
refcounts after they have been added to the resulting list.

However, in case of errors during the creation of those python objects,
the refcount to previously allocated objects is dropped again with
Py_XDECREF, which should be a no-op in case the parameter is NULL. Even
so, in most of these loops the variables pointing to the objects are
never set to NULL, even after Py_DECREF is called at the end of the loop
iteration. This means, after the first iteration, if an error occurs
those python objects will get their refcount dropped two times,
resulting in a possible double-free.
 master (#1616)

--
CVEs fixed in this build:
CVE-2019-18874
anselmolsm authored and clrpackages committed Nov 19, 2019
1 parent a98793d commit da3a70a
Showing 5 changed files with 638 additions and 11 deletions.
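
The failure mode described in the commit message, as an added example that is not part of the commit or of psutil: a self-contained C model that uses a toy reference count instead of the CPython API. `Obj`, `pool`, `convert_loop` and the injected failure are constructed for illustration; `XDECREF` and `CLEAR` mimic the semantics of `Py_XDECREF` and `Py_CLEAR`.

```c
#include <stddef.h>

/* Toy stand-in for a CPython object: a reference count plus a counter of
   releases that arrive after the count already reached zero (a double free
   in the real interpreter). Nothing is actually freed, so the model is safe. */
typedef struct { int refcnt; int over_release; } Obj;

static void decref(Obj *o) {
    if (o->refcnt == 0) o->over_release++;
    else o->refcnt--;
}
#define XDECREF(p) do { if ((p) != NULL) decref(p); } while (0)
#define CLEAR(p)   do { Obj *t_ = (p); (p) = NULL; if (t_ != NULL) decref(t_); } while (0)

static Obj pool[8];  /* constructed object storage for the model */

/* Hypothetical conversion loop: each iteration reads system data, builds one
   object and appends it to a result list. The read fails at iteration fail_at.
   use_clear selects the patched end-of-iteration release.
   Returns the number of over-releases observed after the error path ran. */
int convert_loop(int n, int fail_at, int use_clear) {
    Obj *list[8];
    Obj *item = NULL;
    int len = 0, i, bad = 0;

    for (i = 0; i < n && i < 8; i++) {
        if (i == fail_at) goto error;           /* error before item is reassigned */
        pool[i].refcnt = 1; pool[i].over_release = 0;
        item = &pool[i];                        /* new reference owned by the loop */
        item->refcnt++; list[len++] = item;     /* the list takes its own reference */
        if (use_clear) CLEAR(item);             /* release and forget the pointer */
        else decref(item);                      /* release, pointer left stale */
    }
    return 0;

error:
    XDECREF(item);                              /* a no-op only if item is NULL */
    for (i = 0; i < len; i++) decref(list[i]);  /* destroying the list drops its refs */
    for (i = 0; i < len; i++) bad += pool[i].over_release;
    return bad;
}
```

With the stale pointer, the error path releases the first iteration's object once through `XDECREF` and again when the list is destroyed; a failure in the very first iteration is harmless because the pointer is still NULL.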