gh-145376: Fix null pointer deref in md5module.c

[eendebakpt]

Avoid a null pointer deref in the case of an error path in the constructors (e.g. MD5Type_copy_impl)

Issue found using Claude.

• Issue: Various reference leaks in the core #145376

[picnixz]

I think this pattern is also present in SHA-* and other modules as it's essentially C/C a b it everywhere.

[eendebakpt]

I think this pattern is also present in SHA-* and other modules as it's essentially C/C a b it everywhere.

Not sure what C/C a b is, but the pattern is indeed the same. E.g.

cpython/Modules/sha1module.c

Line 89 in 02288bf

if (ptr->hash_state != NULL) {

There the hash_state is also set to NULL, not sure why that is.

[picnixz]

C/C a b is

it was meant to be a "C/C a bit" and I used C/C for "carbon copy" (which is essentially to mean "copy-paste" for me)

---

There the hash_state is also set to NULL, not sure why that is.

Likely to prevent a double-free (I don't know if it was me or tiran/gpshead who added this)

[picnixz]

Actually it was me in 261633b. I just forgot about the MD5 one I think.

[picnixz]

1. Please add a small NEWS entry.
2. If you find other issues in MD5, you can include them here as well. Same for SHA-*, BLAKE2 and HMAC.

[picnixz]

Oh and please also put the state to NULL just to prevent a possible double-free

Hit the wrong button

[picnixz]

This one is already part of an other PR actually.

[picnixz]

Namely: #145321.

[vstinner]

I would prefer merging PR gh-145321 first since it's older and more complete.

[eendebakpt]

Agreed. I am waiting for the other PR and will rebase accordingly.

[gpshead]

i just merged the above.

[vstinner]

The md5 change LGTM. I'm not sure that it's worth it to add a NEWS entry for this change, since it's unlikely to hit this bug in practice.

[vstinner]

I would prefer merging PR gh-145321 first since it's older and more complete.

[picnixz]

I prefer to always include a NEWS entry for crashes even if they are rare.

[vstinner]

LGTM.