Fix PyArg_ParseTuple format mismatch and non-NULL return with exception in stream module#331
Open
devdanzin wants to merge 2 commits intopython-lz4:masterfrom
Open
Fix PyArg_ParseTuple format mismatch and non-NULL return with exception in stream module#331devdanzin wants to merge 2 commits intopython-lz4:masterfrom
devdanzin wants to merge 2 commits intopython-lz4:masterfrom
Conversation
Fix memory and buffer leaks on five error paths: - block/compress: release source and dict Py_buffers on PyMem_Malloc failure - block/decompress: release source and dict Py_buffers on PyMem_Malloc failure - frame/compress: release source Py_buffer on block_checksum version error - frame/compress_begin: free destination buffer on LZ4F_compressBegin failure (same pattern as the bug fixed in 43fe65d, not propagated to this site) - frame/__decompress: free original destination buffer on PyMem_Realloc failure (realloc returns NULL without freeing the original pointer) Found using cext-review-toolkit (https://github.com/devdanzin/cext-review-toolkit). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…on in stream module - Fix _compress_bound: format "OI" expects (PyObject*, unsigned int) but only &input_size is provided. The "O" writes a PyObject* into a uint32_t — type mismatch and memory corruption on every call. Change to "I" to match the identical _input_bound function at line 1091. - Fix _compress: when update_context_after_process fails, PyErr_Format sets an exception but goto exit_now returns the already-created py_dest (non-NULL). This violates the Python/C API contract (returning a result with an exception set), causing SystemError. Clear py_dest before the goto. Found using cext-review-toolkit (https://github.com/devdanzin/cext-review-toolkit). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fix
_compress_bound: format"OI"expects(PyObject*, unsigned int)but only&input_size(uint32_t*) is provided — the"O"writes aPyObject*into auint32_t, causing type mismatch and undefined behavior on every call. Changed to"I"to match the identical_input_boundfunction at line 1091.Fix
_compress: whenupdate_context_after_processfails,PyErr_Formatsets an exception butgoto exit_nowreturns the already-createdpy_dest(non-NULL). This violates the Python/C API contract (returning a result with an exception set), causingSystemError. AddedPy_CLEAR(py_dest)before the goto.Context
The
"OI"vs"I"bug appears to be a copy-paste error —_input_boundon line 1091 has the correct"I"format for the same single-argument pattern.Found using cext-review-toolkit.
Note
This PR was authored and submitted by Claude Code (Anthropic).
It was reviewed by a human before submission.
Test plan
_compress_boundnow correctly parses a single unsigned int argument_compressreturns NULL (not a result) whenupdate_context_after_processfails