From 7f2200c8d9d187d0dd7444d1c610642b83382b97 Mon Sep 17 00:00:00 2001
From: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com>
Date: Fri, 10 Feb 2023 17:00:06 +0000
Subject: [PATCH 1/2] allocate capsule on heap

---
 Modules/pyexpat.c | 67 ++++++++++++++++++++++++++++-------------------
 1 file changed, 40 insertions(+), 27 deletions(-)

diff --git a/Modules/pyexpat.c b/Modules/pyexpat.c
index 63a3392d5efe7d..5b2caa3459e4e7 100644
--- a/Modules/pyexpat.c
+++ b/Modules/pyexpat.c
@@ -1878,6 +1878,13 @@ add_features(PyObject *mod)
 }
 #endif
 
+static void
+pyexpat_capsule_destructor(PyObject *capsule)
+{
+    PyMem_Free(PyCapsule_GetPointer(capsule, PyExpat_CAPSULE_NAME));
+}
+
+
 static int
 pyexpat_exec(PyObject *mod)
 {
@@ -1965,40 +1972,46 @@ pyexpat_exec(PyObject *mod)
     MYCONST(XML_PARAM_ENTITY_PARSING_ALWAYS);
 #undef MYCONST
 
-    static struct PyExpat_CAPI capi;
+    struct PyExpat_CAPI *capi = PyMem_Malloc(sizeof(*capi));
+    if (capi == NULL) {
+        PyErr_NoMemory();
+        return -1;
+    }
     /* initialize pyexpat dispatch table */
-    capi.size = sizeof(capi);
-    capi.magic = PyExpat_CAPI_MAGIC;
-    capi.MAJOR_VERSION = XML_MAJOR_VERSION;
-    capi.MINOR_VERSION = XML_MINOR_VERSION;
-    capi.MICRO_VERSION = XML_MICRO_VERSION;
-    capi.ErrorString = XML_ErrorString;
-    capi.GetErrorCode = XML_GetErrorCode;
-    capi.GetErrorColumnNumber = XML_GetErrorColumnNumber;
-    capi.GetErrorLineNumber = XML_GetErrorLineNumber;
-    capi.Parse = XML_Parse;
-    capi.ParserCreate_MM = XML_ParserCreate_MM;
-    capi.ParserFree = XML_ParserFree;
-    capi.SetCharacterDataHandler = XML_SetCharacterDataHandler;
-    capi.SetCommentHandler = XML_SetCommentHandler;
-    capi.SetDefaultHandlerExpand = XML_SetDefaultHandlerExpand;
-    capi.SetElementHandler = XML_SetElementHandler;
-    capi.SetNamespaceDeclHandler = XML_SetNamespaceDeclHandler;
-    capi.SetProcessingInstructionHandler = XML_SetProcessingInstructionHandler;
-    capi.SetUnknownEncodingHandler = XML_SetUnknownEncodingHandler;
-    capi.SetUserData = XML_SetUserData;
-    capi.SetStartDoctypeDeclHandler = XML_SetStartDoctypeDeclHandler;
-    capi.SetEncoding = XML_SetEncoding;
-    capi.DefaultUnknownEncodingHandler = PyUnknownEncodingHandler;
+    capi->size = sizeof(*capi);
+    capi->magic = PyExpat_CAPI_MAGIC;
+    capi->MAJOR_VERSION = XML_MAJOR_VERSION;
+    capi->MINOR_VERSION = XML_MINOR_VERSION;
+    capi->MICRO_VERSION = XML_MICRO_VERSION;
+    capi->ErrorString = XML_ErrorString;
+    capi->GetErrorCode = XML_GetErrorCode;
+    capi->GetErrorColumnNumber = XML_GetErrorColumnNumber;
+    capi->GetErrorLineNumber = XML_GetErrorLineNumber;
+    capi->Parse = XML_Parse;
+    capi->ParserCreate_MM = XML_ParserCreate_MM;
+    capi->ParserFree = XML_ParserFree;
+    capi->SetCharacterDataHandler = XML_SetCharacterDataHandler;
+    capi->SetCommentHandler = XML_SetCommentHandler;
+    capi->SetDefaultHandlerExpand = XML_SetDefaultHandlerExpand;
+    capi->SetElementHandler = XML_SetElementHandler;
+    capi->SetNamespaceDeclHandler = XML_SetNamespaceDeclHandler;
+    capi->SetProcessingInstructionHandler = XML_SetProcessingInstructionHandler;
+    capi->SetUnknownEncodingHandler = XML_SetUnknownEncodingHandler;
+    capi->SetUserData = XML_SetUserData;
+    capi->SetStartDoctypeDeclHandler = XML_SetStartDoctypeDeclHandler;
+    capi->SetEncoding = XML_SetEncoding;
+    capi->DefaultUnknownEncodingHandler = PyUnknownEncodingHandler;
 #if XML_COMBINED_VERSION >= 20100
-    capi.SetHashSalt = XML_SetHashSalt;
+    capi->SetHashSalt = XML_SetHashSalt;
 #else
-    capi.SetHashSalt = NULL;
+    capi->SetHashSalt = NULL;
 #endif
 
     /* export using capsule */
-    PyObject *capi_object = PyCapsule_New(&capi, PyExpat_CAPSULE_NAME, NULL);
+    PyObject *capi_object = PyCapsule_New(capi, PyExpat_CAPSULE_NAME,
+                                          pyexpat_capsule_destructor);
     if (capi_object == NULL) {
+        PyMem_Free(capi);
         return -1;
     }
 

From 6cf91e613d7a68a20c77715f8741ad360b140262 Mon Sep 17 00:00:00 2001
From: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com>
Date: Sat, 11 Feb 2023 13:42:46 +0530
Subject: [PATCH 2/2] add error checking

---
 Modules/pyexpat.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/Modules/pyexpat.c b/Modules/pyexpat.c
index 5b2caa3459e4e7..0a744998b6c514 100644
--- a/Modules/pyexpat.c
+++ b/Modules/pyexpat.c
@@ -1881,7 +1881,12 @@ add_features(PyObject *mod)
 static void
 pyexpat_capsule_destructor(PyObject *capsule)
 {
-    PyMem_Free(PyCapsule_GetPointer(capsule, PyExpat_CAPSULE_NAME));
+    void *p = PyCapsule_GetPointer(capsule, PyExpat_CAPSULE_NAME);
+    if (p == NULL) {
+        PyErr_WriteUnraisable(capsule);
+        return;
+    }
+    PyMem_Free(p);
 }