[3.11] GH-96569: Avoid undefined behavior (#96616)

markshannon · mdboom · web-flow · commit e72f469e857e · 2022-09-08T12:00:04.000+01:00
Co-authored-by: Michael Droettboom &lt;mdboom@gmail.com&gt;
diff --git a/Include/internal/pycore_frame.h b/Include/internal/pycore_frame.h
@@ -192,17 +192,25 @@ _PyFrame_LocalsToFast(_PyInterpreterFrame *frame, int clear);
 extern _PyInterpreterFrame *
 _PyThreadState_BumpFramePointerSlow(PyThreadState *tstate, size_t size);
 
+static inline bool
+_PyThreadState_HasStackSpace(PyThreadState *tstate, size_t size)
+{
+    assert(
+        (tstate->datastack_top == NULL && tstate->datastack_limit == NULL)
+        ||
+        (tstate->datastack_top != NULL && tstate->datastack_limit != NULL)
+    );
+    return tstate->datastack_top != NULL &&
+        size < (size_t)(tstate->datastack_limit - tstate->datastack_top);
+}
+
 static inline _PyInterpreterFrame *
 _PyThreadState_BumpFramePointer(PyThreadState *tstate, size_t size)
 {
-    PyObject **base = tstate->datastack_top;
-    if (base) {
-        PyObject **top = base + size;
-        assert(tstate->datastack_limit);
-        if (top < tstate->datastack_limit) {
-            tstate->datastack_top = top;
-            return (_PyInterpreterFrame *)base;
-        }
+    if (_PyThreadState_HasStackSpace(tstate, size)) {
+        _PyInterpreterFrame *res = (_PyInterpreterFrame *)tstate->datastack_top;
+        tstate->datastack_top += size;
+        return res;
     }
     return _PyThreadState_BumpFramePointerSlow(tstate, size);
 }
diff --git a/Misc/NEWS.d/next/Core and Builtins/2022-09-05-16-43-44.gh-issue-96569.9lmTCC.rst b/Misc/NEWS.d/next/Core and Builtins/2022-09-05-16-43-44.gh-issue-96569.9lmTCC.rst
@@ -0,0 +1 @@
+Remove two cases of undefined behavior, by adding NULL checks.
diff --git a/Python/pystate.c b/Python/pystate.c
@@ -2178,16 +2178,16 @@ push_chunk(PyThreadState *tstate, int size)
 _PyInterpreterFrame *
 _PyThreadState_BumpFramePointerSlow(PyThreadState *tstate, size_t size)
 {
-    assert(size < INT_MAX/sizeof(PyObject *));
-    PyObject **base = tstate->datastack_top;
-    PyObject **top = base + size;
-    if (top >= tstate->datastack_limit) {
-        base = push_chunk(tstate, (int)size);
+    if (_PyThreadState_HasStackSpace(tstate, size)) {
+        _PyInterpreterFrame *res = (_PyInterpreterFrame *)tstate->datastack_top;
+        tstate->datastack_top += size;
+        return res;
     }
-    else {
-        tstate->datastack_top = top;
+    if (size > INT_MAX/2) {
+        PyErr_NoMemory();
+        return NULL;
     }
-    return (_PyInterpreterFrame *)base;
+    return (_PyInterpreterFrame *)push_chunk(tstate, (int)size);
 }
 
 void

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+Remove two cases of undefined behavior, by adding NULL checks.`
Original file line number	Diff line number	Diff line change
`@@ -2178,16 +2178,16 @@ push_chunk(PyThreadState *tstate, int size)`
`2178`	`2178`	`_PyInterpreterFrame *`
`2179`	`2179`	`_PyThreadState_BumpFramePointerSlow(PyThreadState *tstate, size_t size)`
`2180`	`2180`	`{`
`2181`		`- assert(size < INT_MAX/sizeof(PyObject *));`
`2182`		`- PyObject **base = tstate->datastack_top;`
`2183`		`- PyObject **top = base + size;`
`2184`		`- if (top >= tstate->datastack_limit) {`
`2185`		`- base = push_chunk(tstate, (int)size);`
	`2181`	`+ if (_PyThreadState_HasStackSpace(tstate, size)) {`
	`2182`	`+ _PyInterpreterFrame res = (_PyInterpreterFrame )tstate->datastack_top;`
	`2183`	`+ tstate->datastack_top += size;`
	`2184`	`+ return res;`
`2186`	`2185`	`}`
`2187`		`- else {`
`2188`		`- tstate->datastack_top = top;`
	`2186`	`+ if (size > INT_MAX/2) {`
	`2187`	`+ PyErr_NoMemory();`
	`2188`	`+ return NULL;`
`2189`	`2189`	`}`
`2190`		`- return (_PyInterpreterFrame *)base;`
	`2190`	`+ return (_PyInterpreterFrame *)push_chunk(tstate, (int)size);`
`2191`	`2191`	`}`
`2192`	`2192`
`2193`	`2193`	`void`