Skip to content

Commit

Permalink
Use Py_CLEAR instead of Py_DECREF to also set the variable to NULL (#…
Browse files Browse the repository at this point in the history 
…1616)

These files contain loops that convert system data into python objects
and during the process they create objects and dereference their
refcounts after they have been added to the resulting list.

However, in case of errors during the creation of those python objects,
the refcount to previously allocated objects is dropped again with
Py_XDECREF, which should be a no-op in case the paramater is NULL. Even
so, in most of these loops the variables pointing to the objects are
never set to NULL, even after Py_DECREF is called at the end of the loop
iteration. This means, after the first iteration, if an error occurs
those python objects will get their refcount dropped two times,
resulting in a possible double-free.
  • Loading branch information
@ret2libc @giampaolo
ret2libc authored and giampaolo committed Nov 13, 2019
1 parent ef03215 commit 7d512c8
Show file tree
Hide file tree
Showing 6 changed files with 97 additions and 101 deletions.
18 changes: 9 additions & 9 deletions psutil/_psutil_aix.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -265,8 +265,8 @@ psutil_proc_environ(PyObject *self, PyObject *args) {
goto error;
if (PyDict_SetItem(py_retdict, py_key, py_val))
goto error;
Py_DECREF(py_key);
Py_DECREF(py_val);
Py_CLEAR(py_key);
Py_CLEAR(py_val);
}
curvar = strchr(curvar, '\0') + 1;
}
Expand Down Expand Up @@ -510,10 +510,10 @@ psutil_users(PyObject *self, PyObject *args) {
goto error;
if (PyList_Append(py_retlist, py_tuple))
goto error;
Py_DECREF(py_username);
Py_DECREF(py_tty);
Py_DECREF(py_hostname);
Py_DECREF(py_tuple);
Py_CLEAR(py_username);
Py_CLEAR(py_tty);
Py_CLEAR(py_hostname);
Py_CLEAR(py_tuple);
}
endutxent();

Expand Down Expand Up @@ -570,9 +570,9 @@ psutil_disk_partitions(PyObject *self, PyObject *args) {
goto error;
if (PyList_Append(py_retlist, py_tuple))
goto error;
Py_DECREF(py_dev);
Py_DECREF(py_mountp);
Py_DECREF(py_tuple);
Py_CLEAR(py_dev);
Py_CLEAR(py_mountp);
Py_CLEAR(py_tuple);
mt = getmntent(file);
}
endmntent(file);
Expand Down
30 changes: 15 additions & 15 deletions psutil/_psutil_bsd.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -154,7 +154,7 @@ psutil_pids(PyObject *self, PyObject *args) {
goto error;
if (PyList_Append(py_retlist, py_pid))
goto error;
Py_DECREF(py_pid);
Py_CLEAR(py_pid);
proclist++;
}
free(orig_address);
Expand Down Expand Up @@ -507,8 +507,8 @@ psutil_proc_open_files(PyObject *self, PyObject *args) {
goto error;
if (PyList_Append(py_retlist, py_tuple))
goto error;
Py_DECREF(py_path);
Py_DECREF(py_tuple);
Py_CLEAR(py_path);
Py_CLEAR(py_tuple);
}
}
free(freep);
Expand Down Expand Up @@ -670,9 +670,9 @@ psutil_disk_partitions(PyObject *self, PyObject *args) {
goto error;
if (PyList_Append(py_retlist, py_tuple))
goto error;
Py_DECREF(py_dev);
Py_DECREF(py_mountp);
Py_DECREF(py_tuple);
Py_CLEAR(py_dev);
Py_CLEAR(py_mountp);
Py_CLEAR(py_tuple);
}

free(fs);
Expand Down Expand Up @@ -765,7 +765,7 @@ psutil_net_io_counters(PyObject *self, PyObject *args) {
goto error;
if (PyDict_SetItemString(py_retdict, ifc_name, py_ifc_info))
goto error;
Py_DECREF(py_ifc_info);
Py_CLEAR(py_ifc_info);
}
else {
continue;
Expand Down Expand Up @@ -840,10 +840,10 @@ psutil_users(PyObject *self, PyObject *args) {
fclose(fp);
goto error;
}
Py_DECREF(py_username);
Py_DECREF(py_tty);
Py_DECREF(py_hostname);
Py_DECREF(py_tuple);
Py_CLEAR(py_username);
Py_CLEAR(py_tty);
Py_CLEAR(py_hostname);
Py_CLEAR(py_tuple);
}

fclose(fp);
Expand Down Expand Up @@ -883,10 +883,10 @@ psutil_users(PyObject *self, PyObject *args) {
endutxent();
goto error;
}
Py_DECREF(py_username);
Py_DECREF(py_tty);
Py_DECREF(py_hostname);
Py_DECREF(py_tuple);
Py_CLEAR(py_username);
Py_CLEAR(py_tty);
Py_CLEAR(py_hostname);
Py_CLEAR(py_tuple);
}

endutxent();
Expand Down
14 changes: 7 additions & 7 deletions psutil/_psutil_linux.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -241,9 +241,9 @@ psutil_disk_partitions(PyObject *self, PyObject *args) {
goto error;
if (PyList_Append(py_retlist, py_tuple))
goto error;
Py_DECREF(py_dev);
Py_DECREF(py_mountp);
Py_DECREF(py_tuple);
Py_CLEAR(py_dev);
Py_CLEAR(py_mountp);
Py_CLEAR(py_tuple);
}
endmntent(file);
return py_retlist;
Expand Down Expand Up @@ -454,10 +454,10 @@ psutil_users(PyObject *self, PyObject *args) {
goto error;
if (PyList_Append(py_retlist, py_tuple))
goto error;
Py_DECREF(py_username);
Py_DECREF(py_tty);
Py_DECREF(py_hostname);
Py_DECREF(py_tuple);
Py_CLEAR(py_username);
Py_CLEAR(py_tty);
Py_CLEAR(py_hostname);
Py_CLEAR(py_tuple);
}
endutent();
return py_retlist;
Expand Down
39 changes: 18 additions & 21 deletions psutil/_psutil_osx.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -138,7 +138,7 @@ psutil_pids(PyObject *self, PyObject *args) {
goto error;
if (PyList_Append(py_retlist, py_pid))
goto error;
Py_DECREF(py_pid);
Py_CLEAR(py_pid);
proclist++;
}
free(orig_address);
Expand Down Expand Up @@ -653,7 +653,7 @@ psutil_per_cpu_times(PyObject *self, PyObject *args) {
goto error;
if (PyList_Append(py_retlist, py_cputime))
goto error;
Py_DECREF(py_cputime);
Py_CLEAR(py_cputime);
}

ret = vm_deallocate(mach_task_self(), (vm_address_t)info_array,
Expand Down Expand Up @@ -841,9 +841,9 @@ psutil_disk_partitions(PyObject *self, PyObject *args) {
goto error;
if (PyList_Append(py_retlist, py_tuple))
goto error;
Py_DECREF(py_dev);
Py_DECREF(py_mountp);
Py_DECREF(py_tuple);
Py_CLEAR(py_dev);
Py_CLEAR(py_mountp);
Py_CLEAR(py_tuple);
}

free(fs);
Expand Down Expand Up @@ -911,7 +911,6 @@ psutil_proc_threads(PyObject *self, PyObject *args) {
}

for (j = 0; j < thread_count; j++) {
py_tuple = NULL;
thread_info_count = THREAD_INFO_MAX;
kr = thread_info(thread_list[j], THREAD_BASIC_INFO,
(thread_info_t)thinfo_basic, &thread_info_count);
Expand All @@ -934,7 +933,7 @@ psutil_proc_threads(PyObject *self, PyObject *args) {
goto error;
if (PyList_Append(py_retlist, py_tuple))
goto error;
Py_DECREF(py_tuple);
Py_CLEAR(py_tuple);
}

ret = vm_deallocate(task, (vm_address_t)thread_list,
Expand Down Expand Up @@ -1043,10 +1042,8 @@ psutil_proc_open_files(PyObject *self, PyObject *args) {
goto error;
if (PyList_Append(py_retlist, py_tuple))
goto error;
Py_DECREF(py_tuple);
py_tuple = NULL;
Py_DECREF(py_path);
py_path = NULL;
Py_CLEAR(py_tuple);
Py_CLEAR(py_path);
// --- /construct python list
}
}
Expand Down Expand Up @@ -1226,7 +1223,7 @@ psutil_proc_connections(PyObject *self, PyObject *args) {
goto error;
if (PyList_Append(py_retlist, py_tuple))
goto error;
Py_DECREF(py_tuple);
Py_CLEAR(py_tuple);
}
else if (family == AF_UNIX) {
py_laddr = PyUnicode_DecodeFSDefault(
Expand All @@ -1248,9 +1245,9 @@ psutil_proc_connections(PyObject *self, PyObject *args) {
goto error;
if (PyList_Append(py_retlist, py_tuple))
goto error;
Py_DECREF(py_tuple);
Py_DECREF(py_laddr);
Py_DECREF(py_raddr);
Py_CLEAR(py_tuple);
Py_CLEAR(py_laddr);
Py_CLEAR(py_raddr);
}
}
}
Expand Down Expand Up @@ -1370,7 +1367,7 @@ psutil_net_io_counters(PyObject *self, PyObject *args) {
goto error;
if (PyDict_SetItemString(py_retdict, ifc_name, py_ifc_info))
goto error;
Py_DECREF(py_ifc_info);
Py_CLEAR(py_ifc_info);
}
else {
continue;
Expand Down Expand Up @@ -1543,7 +1540,7 @@ psutil_disk_io_counters(PyObject *self, PyObject *args) {
goto error;
if (PyDict_SetItemString(py_retdict, disk_name, py_disk_info))
goto error;
Py_DECREF(py_disk_info);
Py_CLEAR(py_disk_info);

CFRelease(parent_dict);
IOObjectRelease(parent);
Expand Down Expand Up @@ -1605,10 +1602,10 @@ psutil_users(PyObject *self, PyObject *args) {
endutxent();
goto error;
}
Py_DECREF(py_username);
Py_DECREF(py_tty);
Py_DECREF(py_hostname);
Py_DECREF(py_tuple);
Py_CLEAR(py_username);
Py_CLEAR(py_tty);
Py_CLEAR(py_hostname);
Py_CLEAR(py_tuple);
}

endutxent();
Expand Down
43 changes: 21 additions & 22 deletions psutil/_psutil_sunos.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -300,8 +300,8 @@ psutil_proc_environ(PyObject *self, PyObject *args) {
if (PyDict_SetItem(py_retdict, py_envname, py_envval) < 0)
goto error;

Py_DECREF(py_envname);
Py_DECREF(py_envval);
Py_CLEAR(py_envname);
Py_CLEAR(py_envval);
}

psutil_free_cstrings_array(env, env_count);
Expand Down Expand Up @@ -655,10 +655,10 @@ psutil_users(PyObject *self, PyObject *args) {
goto error;
if (PyList_Append(py_retlist, py_tuple))
goto error;
Py_DECREF(py_username);
Py_DECREF(py_tty);
Py_DECREF(py_hostname);
Py_DECREF(py_tuple);
Py_CLEAR(py_username);
Py_CLEAR(py_tty);
Py_CLEAR(py_hostname);
Py_CLEAR(py_tuple);
}
endutxent();

Expand Down Expand Up @@ -714,9 +714,9 @@ psutil_disk_partitions(PyObject *self, PyObject *args) {
goto error;
if (PyList_Append(py_retlist, py_tuple))
goto error;
Py_DECREF(py_dev);
Py_DECREF(py_mountp);
Py_DECREF(py_tuple);
Py_CLEAR(py_dev);
Py_CLEAR(py_mountp);
Py_CLEAR(py_tuple);
}
fclose(file);
return py_retlist;
Expand Down Expand Up @@ -767,8 +767,7 @@ psutil_per_cpu_times(PyObject *self, PyObject *args) {
goto error;
if (PyList_Append(py_retlist, py_cputime))
goto error;
Py_DECREF(py_cputime);
py_cputime = NULL;
Py_CLEAR(py_cputime);
}
}

Expand Down Expand Up @@ -824,7 +823,7 @@ psutil_disk_io_counters(PyObject *self, PyObject *args) {
if (PyDict_SetItemString(py_retdict, ksp->ks_name,
py_disk_info))
goto error;
Py_DECREF(py_disk_info);
Py_CLEAR(py_disk_info);
}
}
ksp = ksp->ks_next;
Expand Down Expand Up @@ -959,8 +958,8 @@ psutil_proc_memory_maps(PyObject *self, PyObject *args) {
goto error;
if (PyList_Append(py_retlist, py_tuple))
goto error;
Py_DECREF(py_path);
Py_DECREF(py_tuple);
Py_CLEAR(py_path);
Py_CLEAR(py_tuple);

// increment pointer
p += 1;
Expand Down Expand Up @@ -1075,7 +1074,7 @@ psutil_net_io_counters(PyObject *self, PyObject *args) {
goto error;
if (PyDict_SetItemString(py_retdict, ksp->ks_name, py_ifc_info))
goto error;
Py_DECREF(py_ifc_info);
Py_CLEAR(py_ifc_info);
goto next;

next:
Expand Down Expand Up @@ -1273,7 +1272,7 @@ psutil_net_connections(PyObject *self, PyObject *args) {
goto error;
if (PyList_Append(py_retlist, py_tuple))
goto error;
Py_DECREF(py_tuple);
Py_CLEAR(py_tuple);
}
}
#if defined(AF_INET6)
Expand All @@ -1287,7 +1286,7 @@ psutil_net_connections(PyObject *self, PyObject *args) {
#ifdef NEW_MIB_COMPLIANT
processed_pid = tp6.tcp6ConnCreationProcess;
#else
processed_pid = 0;
processed_pid = 0;
#endif
if (pid != -1 && processed_pid != pid)
continue;
Expand Down Expand Up @@ -1316,14 +1315,14 @@ psutil_net_connections(PyObject *self, PyObject *args) {
goto error;
if (PyList_Append(py_retlist, py_tuple))
goto error;
Py_DECREF(py_tuple);
Py_CLEAR(py_tuple);
}
}
#endif
// UDPv4
else if (mibhdr.level == MIB2_UDP || mibhdr.level == MIB2_UDP_ENTRY) {
num_ent = mibhdr.len / sizeof(mib2_udpEntry_t);
assert(num_ent * sizeof(mib2_udpEntry_t) == mibhdr.len);
assert(num_ent * sizeof(mib2_udpEntry_t) == mibhdr.len);
for (i = 0; i < num_ent; i++) {
memcpy(&ude, databuf.buf + i * sizeof ude, sizeof ude);
#ifdef NEW_MIB_COMPLIANT
Expand Down Expand Up @@ -1355,7 +1354,7 @@ psutil_net_connections(PyObject *self, PyObject *args) {
goto error;
if (PyList_Append(py_retlist, py_tuple))
goto error;
Py_DECREF(py_tuple);
Py_CLEAR(py_tuple);
}
}
#if defined(AF_INET6)
Expand Down Expand Up @@ -1388,7 +1387,7 @@ psutil_net_connections(PyObject *self, PyObject *args) {
goto error;
if (PyList_Append(py_retlist, py_tuple))
goto error;
Py_DECREF(py_tuple);
Py_CLEAR(py_tuple);
}
}
#endif
Expand Down Expand Up @@ -1561,7 +1560,7 @@ psutil_net_if_stats(PyObject* self, PyObject* args) {
goto error;
if (PyDict_SetItemString(py_retdict, ksp->ks_name, py_ifc_info))
goto error;
Py_DECREF(py_ifc_info);
Py_CLEAR(py_ifc_info);
}
}

Expand Down
Loading

0 comments on commit 7d512c8

Please sign in to comment.