From 3b1aa5f1aa8bd5f1d3cf1a8fd09d3e6c432d2b06 Mon Sep 17 00:00:00 2001
From: Pieter Eendebak
Date: Fri, 6 Mar 2026 21:11:03 +0100
Subject: [PATCH 1/3] gh-145376: Fix crashes in md5module.c

Fix a possible NULL pointer dereference in `md5module.c`. This can only occur in error paths taken when the interpreter fails to allocate memory. (cherry-picked from c1d77683213c400fca144692654845e6f5418981)
---
 Modules/md5module.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/Modules/md5module.c b/Modules/md5module.c
index 7d41f0a3a5145d..9fa44cb5d4ad4d 100644
--- a/Modules/md5module.c
+++ b/Modules/md5module.c
@@ -84,7 +84,10 @@ MD5_traverse(PyObject *ptr, visitproc visit, void *arg)
 static void
 MD5_dealloc(MD5object *ptr)
 {
- Hacl_Hash_MD5_free(ptr->hash_state);
+ if (ptr->hash_state != NULL) {
+ Hacl_Hash_MD5_free(ptr->hash_state);
+ ptr->hash_state == NULL;
+ }
 PyTypeObject *tp = Py_TYPE((PyObject*)ptr);
 PyObject_GC_UnTrack(ptr);
 PyObject_GC_Del(ptr);

From 71e547c9d8271ec7598f4f9a3264dfa48bfd52f7 Mon Sep 17 00:00:00 2001
From: "blurb-it[bot]" <43283697+blurb-it[bot]@users.noreply.github.com>
Date: Fri, 6 Mar 2026 20:17:49 +0000
Subject: [PATCH 2/3] =?UTF-8?q?=F0=9F=93=9C=F0=9F=A4=96=20Added=20by=20blu?=
 =?UTF-8?q?rb=5Fit.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../next/Library/2026-03-06-20-17-45.gh-issue-145376.0F7HFq.rst | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 Misc/NEWS.d/next/Library/2026-03-06-20-17-45.gh-issue-145376.0F7HFq.rst

diff --git a/Misc/NEWS.d/next/Library/2026-03-06-20-17-45.gh-issue-145376.0F7HFq.rst b/Misc/NEWS.d/next/Library/2026-03-06-20-17-45.gh-issue-145376.0F7HFq.rst
new file mode 100644
index 00000000000000..aeba8c01fcf603
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2026-03-06-20-17-45.gh-issue-145376.0F7HFq.rst
@@ -0,0 +1 @@
+Fix null pointer dereference in unusual error scenario in :mod:`hashlib`.
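Review bot: The new `if (ptr->hash_state != NULL)` guard in MD5_dealloc carries no comment saying when the pointer can be NULL, and the reason is not obvious from the function itself. Going by the commit message, this happens only when allocation fails while the object is being built and the half-initialised object is then released; a line such as `/* hash_state is NULL if allocation failed before the object was fully constructed */` above the `if` would keep a later cleanup from dropping the check. If the other hash modules free their state unconditionally in their dealloc functions, the same guard would apply there; that is not visible in this patch. MD5_dealloc continues past the end of the hunk.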
From 1750f48373af92c47f4817fee3c974511b6d2e80 Mon Sep 17 00:00:00 2001
From: Pieter Eendebak
Date: Fri, 6 Mar 2026 23:01:10 +0100
Subject: [PATCH 3/3] Update Modules/md5module.c

---
 Modules/md5module.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Modules/md5module.c b/Modules/md5module.c
index 9fa44cb5d4ad4d..c56fa5fc13e32e 100644
--- a/Modules/md5module.c
+++ b/Modules/md5module.c
@@ -86,7 +86,7 @@ MD5_dealloc(MD5object *ptr)
 {
 if (ptr->hash_state != NULL) {
 Hacl_Hash_MD5_free(ptr->hash_state);
- ptr->hash_state == NULL;
+ ptr->hash_state = NULL;
 }
 PyTypeObject *tp = Py_TYPE((PyObject*)ptr);
 PyObject_GC_UnTrack(ptr);
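Review bot: The hash state is freed and cleared while the object is still GC-tracked, since `PyObject_GC_UnTrack(ptr);` runs only after the `if` block; the documented order for a GC-enabled tp_dealloc is to untrack first and then tear down fields. MD5_traverse's body is not shown, and the free routine presumably runs no Python code, so this is probably a matter of convention rather than a live bug. Moving `PyObject_GC_UnTrack(ptr);` to be the first statement of MD5_dealloc would settle it. The function starts at the top of the hunk but ends outside it.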