[3.11] GH-96569: Avoid undefined behavior (#96616)

Co-authored-by: Michael Droettboom <mdboom@gmail.com>
2025-08-04 08:59:19 +00:00 · 2022-09-08 12:00:04 +01:00 · 2022-09-08 12:00:04 +01:00 · e72f469e85
commit e72f469e85
parent 3d6e6beb0d
3 changed files with 25 additions and 16 deletions
--- a/Include/internal/pycore_frame.h
+++ b/Include/internal/pycore_frame.h
@ -192,17 +192,25 @@ _PyFrame_LocalsToFast(_PyInterpreterFrame *frame, int clear);
 extern _PyInterpreterFrame *
 _PyThreadState_BumpFramePointerSlow(PyThreadState *tstate, size_t size);

+static inline bool
+_PyThreadState_HasStackSpace(PyThreadState *tstate, size_t size)
+{
+    assert(
+        (tstate->datastack_top == NULL && tstate->datastack_limit == NULL)
+        ||
+        (tstate->datastack_top != NULL && tstate->datastack_limit != NULL)
+    );
+    return tstate->datastack_top != NULL &&
+        size < (size_t)(tstate->datastack_limit - tstate->datastack_top);
+}
+
 static inline _PyInterpreterFrame *
 _PyThreadState_BumpFramePointer(PyThreadState *tstate, size_t size)
 {
-    PyObject **base = tstate->datastack_top;
-    if (base) {
-        PyObject **top = base + size;
-        assert(tstate->datastack_limit);
-        if (top < tstate->datastack_limit) {
-            tstate->datastack_top = top;
-            return (_PyInterpreterFrame *)base;
-        }
+    if (_PyThreadState_HasStackSpace(tstate, size)) {
+        _PyInterpreterFrame *res = (_PyInterpreterFrame *)tstate->datastack_top;
+        tstate->datastack_top += size;
+        return res;
    }
    return _PyThreadState_BumpFramePointerSlow(tstate, size);
 }
--- a/Builtins/2022-09-05-16-43-44.gh-issue-96569.9lmTCC.rst
+++ b/Builtins/2022-09-05-16-43-44.gh-issue-96569.9lmTCC.rst
@ -0,0 +1 @@
+Remove two cases of undefined behavior, by adding NULL checks.
--- a/Python/pystate.c
+++ b/Python/pystate.c
@ -2178,16 +2178,16 @@ push_chunk(PyThreadState *tstate, int size)
 _PyInterpreterFrame *
 _PyThreadState_BumpFramePointerSlow(PyThreadState *tstate, size_t size)
 {
-    assert(size < INT_MAX/sizeof(PyObject *));
-    PyObject **base = tstate->datastack_top;
-    PyObject **top = base + size;
-    if (top >= tstate->datastack_limit) {
-        base = push_chunk(tstate, (int)size);
+    if (_PyThreadState_HasStackSpace(tstate, size)) {
+        _PyInterpreterFrame *res = (_PyInterpreterFrame *)tstate->datastack_top;
+        tstate->datastack_top += size;
+        return res;
    }
-    else {
-        tstate->datastack_top = top;
+    if (size > INT_MAX/2) {
+        PyErr_NoMemory();
+        return NULL;
    }
-    return (_PyInterpreterFrame *)base;
+    return (_PyInterpreterFrame *)push_chunk(tstate, (int)size);
 }

 void
				`@ -0,0 +1 @@`
				`Remove two cases of undefined behavior, by adding NULL checks.`