From: Pieter Eendebak Date: Fri, 6 Mar 2026 22:24:20 +0000 (+0100) Subject: [3.13] gh-145376: Fix crashes in md5module.c (GH-145422) (#145611) X-Git-Tag: v3.13.13~124 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ae7206eb3b0153d126e8d5241e4f8a5aaeb9101b;p=thirdparty%2FPython%2Fcpython.git [3.13] gh-145376: Fix crashes in md5module.c (GH-145422) (#145611) * gh-145376: Fix crashes in md5module.c Fix a possible NULL pointer dereference in `md5module.c`. This can only occur in error paths taken when the interpreter fails to allocate memory. (cherry-picked from c1d77683213c400fca144692654845e6f5418981) * 📜🤖 Added by blurb_it. * Update Modules/md5module.c --------- Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com> --- diff --git a/Misc/NEWS.d/next/Library/2026-03-06-20-17-45.gh-issue-145376.0F7HFq.rst b/Misc/NEWS.d/next/Library/2026-03-06-20-17-45.gh-issue-145376.0F7HFq.rst new file mode 100644 index 000000000000..aeba8c01fcf6 --- /dev/null +++ b/Misc/NEWS.d/next/Library/2026-03-06-20-17-45.gh-issue-145376.0F7HFq.rst @@ -0,0 +1 @@ +Fix null pointer dereference in unusual error scenario in :mod:`hashlib`. diff --git a/Modules/md5module.c b/Modules/md5module.c index 7d41f0a3a514..c56fa5fc13e3 100644 --- a/Modules/md5module.c +++ b/Modules/md5module.c @@ -84,7 +84,10 @@ MD5_traverse(PyObject *ptr, visitproc visit, void *arg) static void MD5_dealloc(MD5object *ptr) { - Hacl_Hash_MD5_free(ptr->hash_state); + if (ptr->hash_state != NULL) { + Hacl_Hash_MD5_free(ptr->hash_state); + ptr->hash_state = NULL; + } PyTypeObject *tp = Py_TYPE((PyObject*)ptr); PyObject_GC_UnTrack(ptr); PyObject_GC_Del(ptr);