From: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Date: Thu, 28 Mar 2019 15:08:35 +0000 (-0700)
Subject: bpo-36459: Fix a possible double PyMem_FREE() due to tokenizer.c's tok_nextc() (12601)
X-Git-Tag: v3.7.4rc1~282
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6fd3c852b15820480ad2ea83e7857615c4976304;p=thirdparty%2FPython%2Fcpython.git

bpo-36459: Fix a possible double PyMem_FREE() due to tokenizer.c's tok_nextc() (12601)


Remove the PyMem_FREE() call added in cb90c89.  The buffer will be
freed when PyTokenizer_Free() is called on the tokenizer state.
(cherry picked from commit cda139d1ded6708665b53e4ed32ccc1d2627e1da)

Co-authored-by: Zackery Spytz <zspytz@gmail.com>
---

diff --git a/Misc/NEWS.d/next/Core and Builtins/2019-03-27-22-35-16.bpo-36459.UAvkKp.rst b/Misc/NEWS.d/next/Core and Builtins/2019-03-27-22-35-16.bpo-36459.UAvkKp.rst
new file mode 100644
index 000000000000..6c234a6a76d9
--- /dev/null
+++ b/Misc/NEWS.d/next/Core and Builtins/2019-03-27-22-35-16.bpo-36459.UAvkKp.rst	
@@ -0,0 +1 @@
+Fix a possible double ``PyMem_FREE()`` due to tokenizer.c's ``tok_nextc()``.
diff --git a/Parser/tokenizer.c b/Parser/tokenizer.c
index 34722f85b94a..e374c5a4aee6 100644
--- a/Parser/tokenizer.c
+++ b/Parser/tokenizer.c
@@ -1055,7 +1055,6 @@ tok_nextc(struct tok_state *tok)
                 newbuf = (char *)PyMem_REALLOC(newbuf,
                                                newsize);
                 if (newbuf == NULL) {
-                    PyMem_FREE(tok->buf);
                     tok->done = E_NOMEM;
                     tok->cur = tok->inp;
                     return EOF;