PyOS_getsig(), PyOS_setsig(): The minimal amount of work to avoid the

uninitialized memory reads reported in bug #478001.

Note that this doesn't address the following larger issues:

- Error conditions are not documented for PyOS_*sig() in the C API.

- Nothing that actually calls PyOS_*sig() in the core interpreter and
  extension modules actually /checks/ the return value of the call.

Fixing those is left as an exercise for a later day.

diff --git a/Python/pythonrun.c b/Python/pythonrun.c
index 963df8a4ba33632d9b050cbd4485a087640d0d5f..f6217c3da64158ea156d349c487cb1292f35fedc 100644 (file)
--- a/Python/pythonrun.c
+++ b/Python/pythonrun.c
@@ -1437,6 +1437,12 @@ PyOS_getsig(int sig)
 {
 #ifdef HAVE_SIGACTION
        struct sigaction context;
+       /* Initialize context.sa_handler to SIG_ERR which makes about as
+        * much sense as anything else.  It should get overwritten if
+        * sigaction actually succeeds and otherwise we avoid an
+        * uninitialized memory read.
+        */
+       context.sa_handler = SIG_ERR;
        sigaction(sig, NULL, &context);
        return context.sa_handler;
 #else
@@ -1453,6 +1459,12 @@ PyOS_setsig(int sig, PyOS_sighandler_t handler)
 #ifdef HAVE_SIGACTION
        struct sigaction context;
        PyOS_sighandler_t oldhandler;
+       /* Initialize context.sa_handler to SIG_ERR which makes about as
+        * much sense as anything else.  It should get overwritten if
+        * sigaction actually succeeds and otherwise we avoid an
+        * uninitialized memory read.
+        */
+       context.sa_handler = SIG_ERR;
        sigaction(sig, NULL, &context);
        oldhandler = context.sa_handler;
        context.sa_handler = handler;