bpo-34395: Don't free allocated memory on realloc fail in load_mark() in _pickle.c. (GH-8788)

Author: sir-sigurd

Modules/_pickle.c

@@ -6289,24 +6289,14 @@ load_mark(UnpicklerObject *self)
      */
 
     if (self->num_marks >= self->marks_size) {
-        size_t alloc;
-
-        /* Use the size_t type to check for overflow. */
-        alloc = ((size_t)self->num_marks << 1) + 20;
-        if (alloc > (PY_SSIZE_T_MAX / sizeof(Py_ssize_t)) ||
-            alloc <= ((size_t)self->num_marks + 1)) {
-            PyErr_NoMemory();
-            return -1;
-        }
-
-        Py_ssize_t *marks_old = self->marks;
-        PyMem_RESIZE(self->marks, Py_ssize_t, alloc);
-        if (self->marks == NULL) {
-            PyMem_FREE(marks_old);
-            self->marks_size = 0;
+        size_t alloc = ((size_t)self->num_marks << 1) + 20;
+        Py_ssize_t *marks_new = self->marks;
+        PyMem_RESIZE(marks_new, Py_ssize_t, alloc);
+        if (marks_new == NULL) {
             PyErr_NoMemory();
             return -1;
         }
+        self->marks = marks_new;
         self->marks_size = (Py_ssize_t)alloc;
     }