From 1fb0b985f21908873494ad5172deb1f31078e388 Mon Sep 17 00:00:00 2001 From: Thomas Kowalski Date: Fri, 22 May 2026 15:34:29 +0200 Subject: [PATCH 1/7] fix: missing null check on strdup --- Modules/readline.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Modules/readline.c b/Modules/readline.c index 488332f548e5fe3..a7e8bc2066a1ccc 100644 --- a/Modules/readline.c +++ b/Modules/readline.c @@ -1404,6 +1404,10 @@ setup_readline(readlinestate *mod_state) completer_word_break_characters = strdup(" \t\n`~!@#$%^&*()-=+[{]}\\|;:'\",<>/?"); /* All nonalphanums except '.' */ + + if (!completer_word_break_characters) { + return -1; + } #ifdef WITH_EDITLINE // libedit uses rl_basic_word_break_characters instead of // rl_completer_word_break_characters as complete delimiter From f431ecc39431c01f66b20f382f02ed41fea76578 Mon Sep 17 00:00:00 2001 From: Thomas Kowalski Date: Mon, 25 May 2026 07:22:28 +0200 Subject: [PATCH 2/7] misc: add news entry --- .../Library/2026-05-25-07-22-05.gh-issue-150372.9hLqhe.rst | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 Misc/NEWS.d/next/Library/2026-05-25-07-22-05.gh-issue-150372.9hLqhe.rst diff --git a/Misc/NEWS.d/next/Library/2026-05-25-07-22-05.gh-issue-150372.9hLqhe.rst b/Misc/NEWS.d/next/Library/2026-05-25-07-22-05.gh-issue-150372.9hLqhe.rst new file mode 100644 index 000000000000000..9364570a954814f --- /dev/null +++ b/Misc/NEWS.d/next/Library/2026-05-25-07-22-05.gh-issue-150372.9hLqhe.rst @@ -0,0 +1,3 @@ +Fix missing null check on the result of :func:`!strdup` in +:mod:`readline` module initialization, preventing a potential null pointer +dereference on memory allocation failure. From 5492c5541266ae853c7ebcfc6c2b89f9aa462982 Mon Sep 17 00:00:00 2001 From: Thomas Kowalski Date: Mon, 25 May 2026 09:18:56 +0200 Subject: [PATCH 3/7] review: restore locale before return --- Modules/readline.c | 1 + 1 file changed, 1 insertion(+) diff --git a/Modules/readline.c b/Modules/readline.c index a7e8bc2066a1ccc..419d3a36a1b161b 100644 --- a/Modules/readline.c +++ b/Modules/readline.c @@ -1406,6 +1406,7 @@ setup_readline(readlinestate *mod_state) /* All nonalphanums except '.' */ if (!completer_word_break_characters) { + RESTORE_LOCALE(saved_locale) return -1; } #ifdef WITH_EDITLINE From 7ba2557421625aa81ec83dcbefe2339c653e836d Mon Sep 17 00:00:00 2001 From: Thomas Kowalski Date: Fri, 29 May 2026 18:10:00 +0200 Subject: [PATCH 4/7] review: update Misc/NEWS.d/next/Library/2026-05-25-07-22-05.gh-issue-150372.9hLqhe.rst Co-authored-by: Victor Stinner --- .../Library/2026-05-25-07-22-05.gh-issue-150372.9hLqhe.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Misc/NEWS.d/next/Library/2026-05-25-07-22-05.gh-issue-150372.9hLqhe.rst b/Misc/NEWS.d/next/Library/2026-05-25-07-22-05.gh-issue-150372.9hLqhe.rst index 9364570a954814f..b673eb239a7b929 100644 --- a/Misc/NEWS.d/next/Library/2026-05-25-07-22-05.gh-issue-150372.9hLqhe.rst +++ b/Misc/NEWS.d/next/Library/2026-05-25-07-22-05.gh-issue-150372.9hLqhe.rst @@ -1,3 +1,4 @@ Fix missing null check on the result of :func:`!strdup` in :mod:`readline` module initialization, preventing a potential null pointer -dereference on memory allocation failure. +:mod:`readline`: Fix missing null check on the result of :func:`!strdup` +in module initialization, preventing a potential null pointer From 14492476ef3700cab16e0c00d974c5f9250ebef8 Mon Sep 17 00:00:00 2001 From: Thomas Kowalski Date: Fri, 29 May 2026 18:12:17 +0200 Subject: [PATCH 5/7] review: goto error at the end of the function --- Modules/readline.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/Modules/readline.c b/Modules/readline.c index 419d3a36a1b161b..7cf08b99ed1b7a9 100644 --- a/Modules/readline.c +++ b/Modules/readline.c @@ -1406,8 +1406,7 @@ setup_readline(readlinestate *mod_state) /* All nonalphanums except '.' */ if (!completer_word_break_characters) { - RESTORE_LOCALE(saved_locale) - return -1; + goto error; } #ifdef WITH_EDITLINE // libedit uses rl_basic_word_break_characters instead of @@ -1452,6 +1451,10 @@ setup_readline(readlinestate *mod_state) RESTORE_LOCALE(saved_locale) return 0; + +error: + RESTORE_LOCALE(saved_locale) + return -1; } /* Wrapper around GNU readline that handles signals differently. */ From 3dfd718aa50e7f83fc7835e86dd25822858cbdd4 Mon Sep 17 00:00:00 2001 From: Thomas Kowalski Date: Fri, 29 May 2026 18:13:43 +0200 Subject: [PATCH 6/7] misc: fix up broken news entry --- .../next/Library/2026-05-25-07-22-05.gh-issue-150372.9hLqhe.rst | 2 -- 1 file changed, 2 deletions(-) diff --git a/Misc/NEWS.d/next/Library/2026-05-25-07-22-05.gh-issue-150372.9hLqhe.rst b/Misc/NEWS.d/next/Library/2026-05-25-07-22-05.gh-issue-150372.9hLqhe.rst index b673eb239a7b929..c7536076a908186 100644 --- a/Misc/NEWS.d/next/Library/2026-05-25-07-22-05.gh-issue-150372.9hLqhe.rst +++ b/Misc/NEWS.d/next/Library/2026-05-25-07-22-05.gh-issue-150372.9hLqhe.rst @@ -1,4 +1,2 @@ -Fix missing null check on the result of :func:`!strdup` in -:mod:`readline` module initialization, preventing a potential null pointer :mod:`readline`: Fix missing null check on the result of :func:`!strdup` in module initialization, preventing a potential null pointer From 473c33c527bd6397e2087d8338ff6569db374d43 Mon Sep 17 00:00:00 2001 From: Thomas Kowalski Date: Sat, 30 May 2026 17:33:40 +0200 Subject: [PATCH 7/7] misc: update news entry --- .../Library/2026-05-25-07-22-05.gh-issue-150372.9hLqhe.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Misc/NEWS.d/next/Library/2026-05-25-07-22-05.gh-issue-150372.9hLqhe.rst b/Misc/NEWS.d/next/Library/2026-05-25-07-22-05.gh-issue-150372.9hLqhe.rst index c7536076a908186..7b83bd8fe73f11d 100644 --- a/Misc/NEWS.d/next/Library/2026-05-25-07-22-05.gh-issue-150372.9hLqhe.rst +++ b/Misc/NEWS.d/next/Library/2026-05-25-07-22-05.gh-issue-150372.9hLqhe.rst @@ -1,2 +1,2 @@ -:mod:`readline`: Fix missing null check on the result of :func:`!strdup` -in module initialization, preventing a potential null pointer +:mod:`readline`: Fix a potential crash during tab completion caused by an +out-of-memory error during module initialization.