Potential null pointer dereference in `PySys_AddWarnOptionUnicode`

[federicovalenso]

Bug report

Bug description:

Pointer tstate is compared to a NULL value here, but above there is a dereference. Stack trace: _PySys_AddWarnOptionWithError -> get_warnoptions -> _PySys_GetAttr. Correct code should look like this:

void
PySys_AddWarnOptionUnicode(PyObject *option)
{
    PyThreadState *tstate = _PyThreadState_GET();
    if (tstate && _PySys_AddWarnOptionWithError(tstate, option) < 0) {
        /* No return value, therefore clear error state if possible */
        _PyErr_Clear(tstate);
    }
}

CPython versions tested on:

3.11

Operating systems tested on:

No response

Linked PRs

• gh-126108: Fix potential null pointer dereference in PySys_AddWarnOptionUnicode #126118
• [3.13] gh-126108: Fix potential null pointer dereference in PySys_AddWarnOptionUnicode (GH-126118) #129520
• [3.12] gh-126108: Fix potential null pointer dereference in PySys_AddWarnOptionUnicode (GH-126118) #129522

[picnixz]

Thanks for spotting this. This still happens on main. Feel free to open a PR (I can do it as well if you want).

Note: 3.11 is security-only and this does not seem to count as a security issue unless someone is able to provide me a PoC of an exploit using that null pointer dereference.

[picnixz]

cc @sobolevn since you are working on this batch of issues

[sobolevn]

I haven't seen this one yet :)