Issue python#14909: A number of places were using PyMem_Realloc() apis and

PyObject_GC_Resize() with incorrect error handling.  In case of errors,
the original object would be leaked.  This checkin fixes those cases.

Author: kristjanvalur

Modules/_localemodule.c

@@ -257,11 +257,12 @@ PyLocale_strxfrm(PyObject* self, PyObject* args)
     n2 = wcsxfrm(buf, s, n1);
     if (n2 >= (size_t)n1) {
         /* more space needed */
-        buf = PyMem_Realloc(buf, (n2+1)*sizeof(wchar_t));
-        if (!buf) {
+        wchar_t * new_buf = PyMem_Realloc(buf, (n2+1)*sizeof(wchar_t));
+        if (!new_buf) {
             PyErr_NoMemory();
             goto exit;
         }
+        buf = new_buf;
         n2 = wcsxfrm(buf, s, n2+1);
     }
     result = PyUnicode_FromWideChar(buf, n2);

Modules/_randommodule.c

@@ -210,7 +210,7 @@ random_seed(RandomObject *self, PyObject *args)
     PyObject *masklower = NULL;
     PyObject *thirtytwo = NULL;
     PyObject *n = NULL;
-    unsigned long *key = NULL;
+    unsigned long *new_key, *key = NULL;
     unsigned long keymax;               /* # of allocated slots in key */
     unsigned long keyused;              /* # of used slots in key */
     int err;
@@ -287,10 +287,11 @@ random_seed(RandomObject *self, PyObject *args)
                 PyErr_NoMemory();
                 goto Done;
             }
-            key = (unsigned long *)PyMem_Realloc(key,
+            new_key = (unsigned long *)PyMem_Realloc(key,
                                     bigger * sizeof(*key));
-            if (key == NULL)
+            if (new_key == NULL)
                 goto Done;
+            key = new_key;
             keymax = bigger;
         }
         assert(keyused < keymax);

Modules/unicodedata.c

@@ -526,13 +526,16 @@ nfd_nfkd(PyObject *self, PyObject *input, int k)
             /* Hangul Decomposition adds three characters in
                a single step, so we need atleast that much room. */
             if (space < 3) {
+                Py_UCS4 *new_output;
                 osize += 10;
                 space += 10;
-                output = PyMem_Realloc(output, osize*sizeof(Py_UCS4));
-                if (output == NULL) {
+                new_output = PyMem_Realloc(output, osize*sizeof(Py_UCS4));
+                if (new_output == NULL) {
+                    PyMem_Free(output);
                     PyErr_NoMemory();
                     return NULL;
                 }
+                output = new_output;
             }
             /* Hangul Decomposition. */
             if (SBase <= code && code < (SBase+SCount)) {

Objects/frameobject.c

@@ -663,11 +663,13 @@ PyFrame_New(PyThreadState *tstate, PyCodeObject *code, PyObject *globals,
             f = free_list;
             free_list = free_list->f_back;
             if (Py_SIZE(f) < extras) {
-                f = PyObject_GC_Resize(PyFrameObject, f, extras);
-                if (f == NULL) {
+                PyFrameObject *new_f = PyObject_GC_Resize(PyFrameObject, f, extras);
+                if (new_f == NULL) {
+                    PyObject_GC_Del(f);
                     Py_DECREF(builtins);
                     return NULL;
                 }
+                f = new_f;
             }
             _Py_NewReference((PyObject *)f);
         }

Objects/unicodeobject.c

@@ -8343,13 +8343,15 @@ charmaptranslate_makespace(Py_UCS4 **outobj, Py_ssize_t *psize,
                                Py_ssize_t requiredsize)
 {
     Py_ssize_t oldsize = *psize;
+    Py_UCS4 *new_outobj;
     if (requiredsize > oldsize) {
         /* exponentially overallocate to minimize reallocations */
         if (requiredsize < 2 * oldsize)
             requiredsize = 2 * oldsize;
-        *outobj = PyMem_Realloc(*outobj, requiredsize * sizeof(Py_UCS4));
-        if (*outobj == 0)
+        new_outobj = PyMem_Realloc(*outobj, requiredsize * sizeof(Py_UCS4));
+        if (new_outobj == 0)
             return -1;
+        *outobj = new_outobj;
         *psize = requiredsize;
     }
     return 0;