Overview

File CVE-2023-25399-incorrect-refcounting.patch of Package python-scipy.29836

From 9b6521198c4f31d3f9cb525e581bea8e3e77f0a2 Mon Sep 17 00:00:00 2001
From: Ralf Gommers <ralf.gommers@gmail.com>
Date: Mon, 13 Jun 2022 20:12:00 +0200
Subject: [PATCH 1/2] BUG: fix a minor refcounting issue in `Py_FindObjects`

Closes gh-16235

Note: also change `Py_XDECREF`s for start/end variables to `Py_DECREF`,
because it's already checked higher up that those variables are not
NULL.
---
 scipy/ndimage/src/nd_image.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/scipy/ndimage/src/nd_image.c b/scipy/ndimage/src/nd_image.c
index 8dfa21ea226..11d176a305b 100644
--- a/scipy/ndimage/src/nd_image.c
+++ b/scipy/ndimage/src/nd_image.c
@@ -885,7 +885,7 @@ static PyObject *Py_FindObjects(PyObject *obj, PyObject *args)
         npy_intp idx =
                 PyArray_NDIM(input) > 0 ? 2 * PyArray_NDIM(input) * ii : ii;
         if (regions[idx] >= 0) {
-            PyObject *tuple = PyTuple_New(PyArray_NDIM(input));
+            tuple = PyTuple_New(PyArray_NDIM(input));
             if (!tuple) {
                 PyErr_NoMemory();
                 goto exit;
@@ -903,8 +903,8 @@ static PyObject *Py_FindObjects(PyObject *obj, PyObject *args)
                     PyErr_NoMemory();
                     goto exit;
                 }
-                Py_XDECREF(start);
-                Py_XDECREF(end);
+                Py_DECREF(start);
+                Py_DECREF(end);
                 start = end = NULL;
                 PyTuple_SetItem(tuple, jj, slc);
                 slc = NULL;

From 133b92679ab23e0fa4a6f3b6e45f493312531024 Mon Sep 17 00:00:00 2001
From: Ralf Gommers <ralf.gommers@gmail.com>
Date: Mon, 13 Jun 2022 20:20:06 +0200
Subject: [PATCH 2/2] BUG: fix small refcount issue in `ndimage._ctest`

Note that this is only test code, so it wasn't a real-world problem.

Closes gh-16236
---
 scipy/ndimage/src/_ctest.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/scipy/ndimage/src/_ctest.c b/scipy/ndimage/src/_ctest.c
index fe8ce676e4c..f84ba064afd 100644
--- a/scipy/ndimage/src/_ctest.c
+++ b/scipy/ndimage/src/_ctest.c
@@ -93,6 +93,8 @@ py_filter2d(PyObject *obj, PyObject *args)
 	    goto error;
 	}
 	callback_data[i] = PyFloat_AsDouble(item);
+        Py_DECREF(item);
+        item = NULL;
 	if (PyErr_Occurred()) goto error;
     }
openSUSE Build Service is sponsored by
Places