From 0154597c46e2b9de868182253762e98391d6efc3 Mon Sep 17 00:00:00 2001 From: Axel Huebl Date: Mon, 7 Jan 2019 18:48:28 +0100 Subject: [PATCH] Fix Potential Nullptr Dereference Fix a potential nullptr dereference of `obj`. Found with coverity in a downstream project. --- include/pybind11/detail/class.h | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/include/pybind11/detail/class.h b/include/pybind11/detail/class.h index 7a5dd0130d..11887bf83c 100644 --- a/include/pybind11/detail/class.h +++ b/include/pybind11/detail/class.h @@ -461,6 +461,12 @@ inline void enable_dynamic_attributes(PyHeapTypeObject *heap_type) { /// buffer_protocol: Fill in the view as specified by flags. extern "C" inline int pybind11_getbuffer(PyObject *obj, Py_buffer *view, int flags) { + if (view == nullptr || obj == nullptr) { + if (view) + view->obj = nullptr; + PyErr_SetString(PyExc_BufferError, "pybind11_getbuffer(): Internal error (nullptr passed)"); + return -1; + } // Look for a `get_buffer` implementation in this type's info or any bases (following MRO). type_info *tinfo = nullptr; for (auto type : reinterpret_borrow(Py_TYPE(obj)->tp_mro)) { @@ -468,10 +474,8 @@ extern "C" inline int pybind11_getbuffer(PyObject *obj, Py_buffer *view, int fla if (tinfo && tinfo->get_buffer) break; } - if (view == nullptr || obj == nullptr || !tinfo || !tinfo->get_buffer) { - if (view) - view->obj = nullptr; - PyErr_SetString(PyExc_BufferError, "pybind11_getbuffer(): Internal error"); + if (!tinfo || !tinfo->get_buffer) { + PyErr_SetString(PyExc_BufferError, "pybind11_getbuffer(): Internal error (get_type_info)"); return -1; } std::memset(view, 0, sizeof(Py_buffer));