[3.13] gh-145376: Fix crashes in md5module.c (GH-145422) (#145611)

* gh-145376: Fix crashes in md5module.c

Fix a possible NULL pointer dereference in `md5module.c`.
This can only occur in error paths taken when the interpreter fails to allocate memory.

(cherry-picked from c1d77683213c400fca144692654845e6f5418981)

* 📜🤖 Added by blurb_it.

* Update Modules/md5module.c

---------

Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>

diff --git a/Misc/NEWS.d/next/Library/2026-03-06-20-17-45.gh-issue-145376.0F7HFq.rst b/Misc/NEWS.d/next/Library/2026-03-06-20-17-45.gh-issue-145376.0F7HFq.rst
new file mode 100644 (file)
index 0000000..aeba8c0
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2026-03-06-20-17-45.gh-issue-145376.0F7HFq.rst
@@ -0,0 +1 @@
+Fix null pointer dereference in unusual error scenario in :mod:`hashlib`.

diff --git a/Modules/md5module.c b/Modules/md5module.c
index 7d41f0a3a5145d6c35ed732a454f9dd335f9dfa0..c56fa5fc13e32ef7636c0341e60c0df3078010fd 100644 (file)
--- a/Modules/md5module.c
+++ b/Modules/md5module.c
@@ -84,7 +84,10 @@ MD5_traverse(PyObject *ptr, visitproc visit, void *arg)
 static void
 MD5_dealloc(MD5object *ptr)
 {
-    Hacl_Hash_MD5_free(ptr->hash_state);
+    if (ptr->hash_state != NULL) {
+        Hacl_Hash_MD5_free(ptr->hash_state);
+        ptr->hash_state = NULL;
+    }
     PyTypeObject *tp = Py_TYPE((PyObject*)ptr);
     PyObject_GC_UnTrack(ptr);
     PyObject_GC_Del(ptr);