From be078a12d49f59522faf8a593226f860bc5de1c2 Mon Sep 17 00:00:00 2001 From: Yongtao Huang Date: Fri, 12 Dec 2025 07:25:13 +0800 Subject: [PATCH 1/4] Fix incorrect PyObject_CallFunction usage (remove extra NULL argument) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR fixes incorrect calls to PyObject_CallFunction where an extra NULL argument was passed despite the format string already specifying the complete argument list. PyObject_CallFunction does not use a NULL terminator; it relies solely on the format string to determine how many arguments to read. Providing more arguments than required results in undefined behavior due to va_list misalignment. The affected calls: - PyImport_Import() — "OOOOi" was given 6 arguments instead of 5 - deque_copy() — "Oi" was given 3 arguments instead of 2 Both have been corrected by removing the superfluous NULL. No functional changes beyond fixing the API misuse. Signed-off-by: Yongtao Huang --- Modules/_collectionsmodule.c | 2 +- Python/import.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/_collectionsmodule.c b/Modules/_collectionsmodule.c index 3ba48d5d9d3c64..e8e64a0bbafa78 100644 --- a/Modules/_collectionsmodule.c +++ b/Modules/_collectionsmodule.c @@ -634,7 +634,7 @@ deque_copy_impl(dequeobject *deque) (PyObject *)deque); else result = PyObject_CallFunction((PyObject *)(Py_TYPE(deque)), "Oi", - deque, old_deque->maxlen, NULL); + deque, old_deque->maxlen); if (result != NULL && !PyObject_TypeCheck(result, state->deque_type)) { PyErr_Format(PyExc_TypeError, "%.200s() must return a deque, not %.200s", diff --git a/Python/import.c b/Python/import.c index 4dd247fac27654..cb77ae331ca627 100644 --- a/Python/import.c +++ b/Python/import.c @@ -4067,7 +4067,7 @@ PyImport_Import(PyObject *module_name) Always use absolute import here. Calling for side-effect of import. */ r = PyObject_CallFunction(import, "OOOOi", module_name, globals, - globals, from_list, 0, NULL); + globals, from_list, 0); if (r == NULL) goto err; Py_DECREF(r); From 66fbac7e915b8bb7f37fa318dcbe4b83396d3e44 Mon Sep 17 00:00:00 2001 From: "blurb-it[bot]" <43283697+blurb-it[bot]@users.noreply.github.com> Date: Thu, 11 Dec 2025 23:57:21 +0000 Subject: [PATCH 2/4] =?UTF-8?q?=F0=9F=93=9C=F0=9F=A4=96=20Added=20by=20blu?= =?UTF-8?q?rb=5Fit.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../Library/2025-12-11-23-57-20.gh-issue-142606.Xd3xTx.rst | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 Misc/NEWS.d/next/Library/2025-12-11-23-57-20.gh-issue-142606.Xd3xTx.rst diff --git a/Misc/NEWS.d/next/Library/2025-12-11-23-57-20.gh-issue-142606.Xd3xTx.rst b/Misc/NEWS.d/next/Library/2025-12-11-23-57-20.gh-issue-142606.Xd3xTx.rst new file mode 100644 index 00000000000000..f938d52b43fe0e --- /dev/null +++ b/Misc/NEWS.d/next/Library/2025-12-11-23-57-20.gh-issue-142606.Xd3xTx.rst @@ -0,0 +1,3 @@ +Fix two internal C API call sites where ``PyObject_CallFunction`` was +incorrectly passed an extra ``NULL`` argument in +:class:`collections.deque` and in the import machinery. (gh-142606) From cc5026a089bd13805415c6fd0d46a6dd7cc52735 Mon Sep 17 00:00:00 2001 From: Yongtao Huang Date: Fri, 12 Dec 2025 13:47:39 +0800 Subject: [PATCH 3/4] Update Misc/NEWS.d/next/Library/2025-12-11-23-57-20.gh-issue-142606.Xd3xTx.rst Co-authored-by: AN Long --- .../next/Library/2025-12-11-23-57-20.gh-issue-142606.Xd3xTx.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Misc/NEWS.d/next/Library/2025-12-11-23-57-20.gh-issue-142606.Xd3xTx.rst b/Misc/NEWS.d/next/Library/2025-12-11-23-57-20.gh-issue-142606.Xd3xTx.rst index f938d52b43fe0e..c402bd1723d663 100644 --- a/Misc/NEWS.d/next/Library/2025-12-11-23-57-20.gh-issue-142606.Xd3xTx.rst +++ b/Misc/NEWS.d/next/Library/2025-12-11-23-57-20.gh-issue-142606.Xd3xTx.rst @@ -1,3 +1,3 @@ Fix two internal C API call sites where ``PyObject_CallFunction`` was incorrectly passed an extra ``NULL`` argument in -:class:`collections.deque` and in the import machinery. (gh-142606) +:class:`collections.deque` and in the import machinery. From 112d556ad9163867ed04b6ed28b21ef85ff652d6 Mon Sep 17 00:00:00 2001 From: Yongtao Huang Date: Fri, 12 Dec 2025 15:34:32 +0800 Subject: [PATCH 4/4] Resolve comment --- .../Library/2025-12-11-23-57-20.gh-issue-142606.Xd3xTx.rst | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 Misc/NEWS.d/next/Library/2025-12-11-23-57-20.gh-issue-142606.Xd3xTx.rst diff --git a/Misc/NEWS.d/next/Library/2025-12-11-23-57-20.gh-issue-142606.Xd3xTx.rst b/Misc/NEWS.d/next/Library/2025-12-11-23-57-20.gh-issue-142606.Xd3xTx.rst deleted file mode 100644 index c402bd1723d663..00000000000000 --- a/Misc/NEWS.d/next/Library/2025-12-11-23-57-20.gh-issue-142606.Xd3xTx.rst +++ /dev/null @@ -1,3 +0,0 @@ -Fix two internal C API call sites where ``PyObject_CallFunction`` was -incorrectly passed an extra ``NULL`` argument in -:class:`collections.deque` and in the import machinery.