bpo-41175: Guard against a NULL pointer dereference within bytearrayobject (GH-21240)

The issue is triggered by the bytearray() + bytearray() operation.

Detected by GCC 10 static analysis tool.
(cherry picked from commit 61fc23ca106bc82955b0e59d1ab42285b94899e2)

Co-authored-by: stratakis <cstratak@redhat.com>

2 files changed, 5 insertions, 1 deletions

diff --git a/Misc/NEWS.d/next/Core and Builtins/2020-06-30-20-17-31.bpo-41175.acJoXB.rst b/Misc/NEWS.d/next/Core and Builtins/2020-06-30-20-17-31.bpo-41175.acJoXB.rst
new file mode 100644
index 00000000000..844fb804c0c
--- /dev/null
+++ b/Misc/NEWS.d/next/Core and Builtins/2020-06-30-20-17-31.bpo-41175.acJoXB.rst
@@ -0,0 +1,2 @@
+Guard against a NULL pointer dereference within bytearrayobject triggered by
+the ``bytearray() + bytearray()`` operation.
diff --git a/Objects/bytearrayobject.c b/Objects/bytearrayobject.c
index 5a803be6277..97d7796769f 100644
--- a/Objects/bytearrayobject.c
+++ b/Objects/bytearrayobject.c
@@ -273,7 +273,9 @@ PyByteArray_Concat(PyObject *a, PyObject *b)
 
     result = (PyByteArrayObject *) \
         PyByteArray_FromStringAndSize(NULL, va.len + vb.len);
-    if (result != NULL) {
+    // result->ob_bytes is NULL if result is an empty string:
+    // if va.len + vb.len equals zero.
+    if (result != NULL && result->ob_bytes != NULL) {
         memcpy(result->ob_bytes, va.buf, va.len);
         memcpy(result->ob_bytes + va.len, vb.buf, vb.len);
     }