gh-149953: Fix null pointer dereference order in code_objects.c #149956

Open
nezukoagent wants to merge 1 commit into python:main from nezukoagent:fix/null-check-order-code-objects
@nezukoagent nezukoagent commented May 17, 2026

Fix

Move unwinder == NULL check before unwinder->debug_offsets.code_object.co_tlbc to prevent null pointer dereference.

The Bug

// Line 435 - Before (buggy):
if (ctx->tlbc_index == 0 || unwinder->debug_offsets.code_object.co_tlbc == 0 || unwinder == NULL)

C short-circuit evaluation means unwinder->debug_offsets (position 2) is dereferenced BEFORE unwinder == NULL (position 3) is checked. The NULL check is dead code — it can never protect against a NULL unwinder because the crash happens first.

The Fix

// Line 435 - After (fixed):
if (ctx->tlbc_index == 0 || unwinder == NULL || unwinder->debug_offsets.code_object.co_tlbc == 0)

Context

The code already shows awareness that unwinder can be NULL:

  • Line 359: if (unwinder && ...) — proper NULL check exists elsewhere
  • The NULL check at line 435 proves the developer intended it to be nullable

Affected Versions

  • Python 3.13t+ (free-threading builds)
  • Python 3.14t+ (free-threading builds)
  • Only affects Py_GIL_DISABLED builds

Closes #149953

Move  check before
to prevent null pointer dereference when unwinder is NULL.

C short-circuit evaluation means the second operand is evaluated before the third,
so  would crash before reaching the NULL check.

Co-authored-by: agent-zeroo <nezukoagent@gmail.com>
@nezukoagent nezukoagent requested a review from pablogsal as a code owner May 17, 2026 16:43
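
The ordering problem described in this pull request can be searched for mechanically. The following is an added example, not part of the pull request or of CPython: a text heuristic (the function name `late_null_checks` is hypothetical) that splits a single-line C condition on `||` and `&&` and reports pointers dereferenced with `->` to the left of their own NULL test. It assumes no nested sub-chains inside parentheses.

```python
import re

# Operands of a short-circuit chain are evaluated left to right.
_SPLIT = re.compile(r"\|\||&&")
_ID = r"[A-Za-z_]\w*"
# An operand that only tests a pointer: p == NULL, p != NULL, NULL == p, !p, or bare p.
_NULL_TEST = re.compile(
    rf"^\(*\s*(?:({_ID})\s*[!=]=\s*NULL|NULL\s*[!=]=\s*({_ID})|!\s*({_ID})|({_ID}))\s*\)*$"
)
_DEREF = re.compile(rf"\b({_ID})\s*->")


def late_null_checks(condition):
    """Return (pointer, deref_operand, check_operand) index triples for every
    pointer dereferenced with -> in an operand left of its own NULL test."""
    condition = re.sub(r"^\s*(?:if|while)\b", "", condition)
    operands = [op.strip() for op in _SPLIT.split(condition)]
    first_deref = {}
    findings = []
    for index, operand in enumerate(operands):
        test = _NULL_TEST.match(operand)
        if test:
            name = next(group for group in test.groups() if group)
            if name in first_deref:
                findings.append((name, first_deref[name], index))
            continue
        for name in _DEREF.findall(operand):
            first_deref.setdefault(name, index)
    return findings


# The two conditions quoted in the pull request description.
BEFORE = ("if (ctx->tlbc_index == 0 || "
          "unwinder->debug_offsets.code_object.co_tlbc == 0 || unwinder == NULL)")
AFTER = ("if (ctx->tlbc_index == 0 || unwinder == NULL || "
         "unwinder->debug_offsets.code_object.co_tlbc == 0)")

if __name__ == "__main__":
    print(late_null_checks(BEFORE))
    print(late_null_checks(AFTER))
```

A finding is a prompt for manual review, since the pointer may already be guaranteed non-NULL by an earlier statement.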
bedevere-app Bot commented May 17, 2026

Most changes to Python require a NEWS entry. Add one using the blurb_it web app or the blurb command-line tool.

If this change has little impact on Python users, wait for a maintainer to apply the skip news label instead.

python-cla-bot Bot commented May 17, 2026

All commit authors signed the Contributor License Agreement.

CLA signed

@sobolevn sobolevn (Member) left a comment

Thank you!

Labels

awaiting merge, needs backport to 3.15 (pre-release feature fixes, bugs and security fixes), skip news

Development

Successfully merging this pull request may close these issues.

NULL pointer dereference in _remote_debugging code_objects.c:435 (dead null check)

2 participants