`readline` is missing a null pointer check on `strdup` return value

[KowalskiThomas]

Bug report

Bug description:

In readline.c, a call is made to strdup to populate completer_word_break_characters, but the return value of strdup is never checked before being used. In strdup failed, it will lead to a hard crash.

cpython/Modules/readline.c

Lines 1404 to 1416 in 1d28f9a

	completer_word_break_characters =
	strdup(" \t\n`~!@#$%^&*()-=+[{]}\\|;:'\",<>/?");
	/* All nonalphanums except '.' */
	#ifdef WITH_EDITLINE
	// libedit uses rl_basic_word_break_characters instead of
	// rl_completer_word_break_characters as complete delimiter
	rl_basic_word_break_characters = completer_word_break_characters;
	#else
	if (using_libedit_emulation) {
	rl_basic_word_break_characters = completer_word_break_characters;
	}
	#endif
	rl_completer_word_break_characters = completer_word_break_characters;

CPython versions tested on:

CPython main branch

Operating systems tested on:

macOS

Linked PRs

• gh-150372: add missing null check on completer_word_break_characters in readline.c #150251

[sergey-miryanov]

Could you please check whether we should backport this fix?

[KowalskiThomas]

Could you please check whether we should backport this fix?

@sergey-miryanov I do believe this needs to be backported, it's in the same state on 3.15 / 3.14 / 3.13. If you consider it security and not a bug fix then probably even to older versions as well.

[sergey-miryanov]

Thanks! I'm not sure this should be classified as a security bug.