Skip to content

Potential security issue in src_c/_sprite.c: Unchecked return from initialization function #190

Description

@monocle-ai

What is a Conditionally Uninitialized Variable? The return value of a function that is potentially used to initialize a local variable is not checked. Therefore, reading the local variable may result in undefined behavior.

2 instances of this defect were found in the following locations:

Instance 1
File : src_c/_sprite.c
Function: __Pyx_CallUnboundCMethod1
https://github.com/siva-msft/pygame/blob/0f3cde6bc1377f9ecb1365c78900c3ef852f926a/src_c/_sprite.c#L29339
Code extract:

#endif
    else {
        if (default_value == Py_None)
            value = __Pyx_CallUnboundCMethod1(&__pyx_umethod_PyDict_Type_get, d, key); <------ HERE
        else
            value = __Pyx_CallUnboundCMethod2(&__pyx_umethod_PyDict_Type_get, d, key, default_value);

How can I fix it?
Correct reference usage found in src_c/_sprite.c at line 29862.
https://github.com/siva-msft/pygame/blob/0f3cde6bc1377f9ecb1365c78900c3ef852f926a/src_c/_sprite.c#L29862
Code extract:

    if (default_value) {
        return __Pyx_CallUnboundCMethod2(&__pyx_umethod_PyDict_Type_pop, d, key, default_value);
    } else {
        return __Pyx_CallUnboundCMethod1(&__pyx_umethod_PyDict_Type_pop, d, key); <------ HERE
    }
}

Instance 2
File : src_c/_sprite.c
Function: PyObject_SetAttr
https://github.com/siva-msft/pygame/blob/0f3cde6bc1377f9ecb1365c78900c3ef852f926a/src_c/_sprite.c#L31190
Code extract:

    }
    if (!use_cline) {
        c_line = 0;
        PyObject_SetAttr(__pyx_cython_runtime, __pyx_n_s_cline_in_traceback, Py_False); <------ HERE
    }
    else if (use_cline == Py_False || (use_cline != Py_True && PyObject_Not(use_cline) != 0)) {

How can I fix it?
Correct reference usage found in src_c/pypm.c at line 6419.

if (PyObject_SetAttr(__pyx_m, __pyx_n_s_Input, (PyObject *)&__pyx_type_6pygame_4pypm_Input) < 0) __PYX_ERR(0, 510, __pyx_L1_error)

Code extract:

    }
  }
  #endif
  if (PyObject_SetAttr(__pyx_m, __pyx_n_s_Input, (PyObject *)&__pyx_type_6pygame_4pypm_Input) < 0) __PYX_ERR(0, 510, __pyx_L1_error) <------ HERE
  if (__Pyx_setup_reduce((PyObject*)&__pyx_type_6pygame_4pypm_Input) < 0) __PYX_ERR(0, 510, __pyx_L1_error)
  __pyx_ptype_6pygame_4pypm_Input = &__pyx_type_6pygame_4pypm_Input;

Metadata

Metadata

Assignees

No one assigned

    Labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions