bpo-30594: Fix spurious DECREF in newPySSLSocket by njsmith · Pull Request #1992 · python/cpython
In newPySSLSocket, it sets up the new 'self' object, which among other
things owns a reference to the parent SSLContext in 'self->ctx'.
It then tries to idna-decode the given server_hostname, and if this
fails it does Py_DECREF(self) and returns.
The Py_DECREF(self) causes the PySSLSocket destructor to run, which
calls Py_DECREF(self->ctx), which releases the reference to the parent
SSLContext object.
However... as currently written, we don't actually take the
reference to the parent SSLContext until after the idna-decoding
step. I.e., this does a Py_DECREF on an object that was never
Py_INCREFed. Eventually we get a segfault.
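
The ordering problem described above, reduced to a toy reference-counting model in plain C. This is an added example, not code from the pull request or from CPython: the `Ctx`/`Sock` types, the helper names, the failing-hostname rule, and the corrected ordering shown (taking the reference before the decode step) are all assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy stand-ins for refcounted objects; this is not the CPython API. */
typedef struct { int refcnt; int freed; } Ctx;
typedef struct { int refcnt; Ctx *ctx; } Sock;

static void ctx_incref(Ctx *c) { c->refcnt++; }
static void ctx_decref(Ctx *c) { if (--c->refcnt == 0) c->freed = 1; } /* real code frees here */

/* Destructor: unconditionally drops the reference it assumes it owns. */
static void sock_decref(Sock *s) {
    if (--s->refcnt == 0) { ctx_decref(s->ctx); free(s); }
}

/* Hypothetical decode step: rejects an empty label such as "bad..name". */
static int decode_hostname(const char *h) { return strstr(h, "..") ? -1 : 0; }

/* Ordering from the description: pointer stored early, reference taken late. */
Sock *new_sock_buggy(Ctx *ctx, const char *host) {
    Sock *s = malloc(sizeof *s);
    if (!s) return NULL;
    s->refcnt = 1;
    s->ctx = ctx;                          /* borrowed pointer, no incref yet */
    if (decode_hostname(host) < 0) { sock_decref(s); return NULL; }
    ctx_incref(ctx);                       /* too late for the error path */
    return s;
}

/* Assumed correction: own the reference before the destructor can ever run. */
Sock *new_sock_fixed(Ctx *ctx, const char *host) {
    Sock *s = malloc(sizeof *s);
    if (!s) return NULL;
    s->refcnt = 1;
    s->ctx = ctx;
    ctx_incref(ctx);
    if (decode_hostname(host) < 0) { sock_decref(s); return NULL; }
    return s;
}

/* Context refcount after constructing (and, on success, releasing) one socket. */
int refcnt_after(Sock *(*ctor)(Ctx *, const char *), const char *host) {
    Ctx ctx = { 1, 0 };                    /* the caller holds the only reference */
    Sock *s = ctor(&ctx, host);
    if (s) sock_decref(s);
    return ctx.refcnt;
}

int main(void) {
    printf("buggy=%d fixed=%d\n", refcnt_after(new_sock_buggy, "bad..name"),
           refcnt_after(new_sock_fixed, "bad..name"));   /* constructed input */
    return 0;
}
```

In the buggy ordering the caller's only reference is consumed by the failed constructor, so the context would be freed while still in use; the success path balances in both versions, which is why the bug only shows on the error path.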