From a5191f2a20c4a9d5e3d68ac42e622d9f1cfa3507 Mon Sep 17 00:00:00 2001 From: Timur Mamedov Date: Sat, 20 Jun 2026 19:27:30 -0400 Subject: [PATCH] gh-151815: Fix segfault in template_iter on allocation failure Initialize stringsiter and interpolationsiter to NULL immediately after PyObject_GC_New so that templateiter_clear can safely run Py_CLEAR if a subsequent PyObject_GetIter call fails. --- .../2026-06-20-14-00-00.gh-issue-151815.TmplIt.rst | 2 ++ Objects/templateobject.c | 2 ++ 2 files changed, 4 insertions(+) create mode 100644 Misc/NEWS.d/next/Core_and_Builtins/2026-06-20-14-00-00.gh-issue-151815.TmplIt.rst diff --git a/Misc/NEWS.d/next/Core_and_Builtins/2026-06-20-14-00-00.gh-issue-151815.TmplIt.rst b/Misc/NEWS.d/next/Core_and_Builtins/2026-06-20-14-00-00.gh-issue-151815.TmplIt.rst new file mode 100644 index 000000000000000..07c53738ef04021 --- /dev/null +++ b/Misc/NEWS.d/next/Core_and_Builtins/2026-06-20-14-00-00.gh-issue-151815.TmplIt.rst @@ -0,0 +1,2 @@ +Fix segfault in t-string iterator deallocation when :c:func:`PyObject_GetIter` +fails during construction, caused by ``Py_CLEAR`` on uninitialized pointers. diff --git a/Objects/templateobject.c b/Objects/templateobject.c index 1609e82b444516c..994b352d7dcd639 100644 --- a/Objects/templateobject.c +++ b/Objects/templateobject.c @@ -226,6 +226,8 @@ template_iter(PyObject *op) if (iter == NULL) { return NULL; } + iter->stringsiter = NULL; + iter->interpolationsiter = NULL; PyObject *stringsiter = PyObject_GetIter(self->strings); if (stringsiter == NULL) {