gh-151763: Fix NULL deref in os._path_normpath()

[zainnadeem786]

Summary

This PR addresses OOM-0028 from gh-151763.

It fixes a NULL dereference in os__path_normpath_impl() when memory allocation fails while normalizing a bytes path.

Issue

os__path_normpath_impl() builds a Unicode result using either PyUnicode_FromOrdinal() or PyUnicode_FromWideChar().

For bytes input, the function then converts that Unicode result back to bytes using PyUnicode_EncodeFSDefault().

Before this change, the result of PyUnicode_FromWideChar() was not checked before the bytes-path encoding branch.

Under memory pressure, PyUnicode_FromWideChar() can return NULL with a pending MemoryError. The existing code could then pass that NULL value into PyUnicode_EncodeFSDefault(), causing a crash.

Fix

Add an explicit NULL check immediately after creating result and before the bytes-path encoding branch.

if (result == NULL) {
    return NULL;
}

This preserves the pending MemoryError and prevents PyUnicode_EncodeFSDefault() from receiving a NULL object.

Validation

I validated this using a CPython debug build on Windows:

PCbuild\build.bat -p x64 -c Debug

Then I used _testcapi.set_nomemory() to inject allocation failures while calling:

os.path.normpath(b"a\\..\\b\\c")

Before the fix

With the NULL guard removed, allocation index 2 crashed:

IDX 2 RC 3221225477

3221225477 is 0xC0000005, Windows STATUS_ACCESS_VIOLATION.

After the fix

With the NULL guard restored, the same allocation index returned a clean MemoryError instead of crashing:

IDX 2 RC 10 MEMORYERROR

This confirms that the failing OOM path now propagates the allocation failure instead of dereferencing NULL.

Tests

Focused ntpath tests passed:

PCbuild\amd64\python_d.exe -m unittest -v `
  test.test_ntpath.TestNtpath.test_normpath `
  test.test_ntpath.TestNtpath.test_normpath_invalid_paths `
  test.test_ntpath.NtCommonTest.test_normpath_issue5827 `
  test.test_ntpath.NtCommonTest.test_normpath_issue106242

Result:

Ran 4 tests in 0.009s
OK

I also checked the patch with:

git diff --check -- Modules/posixmodule.c

No regression test is included in this PR. The OOM reproducer depends on allocation-failure injection and allocation indexes that can be build-sensitive. The fix itself is a minimal local NULL guard.

Addresses OOM-0028 from gh-151763.

[bedevere-app]

Most changes to Python require a NEWS entry. Add one using the blurb_it web app or the blurb command-line tool.

If this change has little impact on Python users, wait for a maintainer to apply the skip news label instead.

[StanFromIreland]

The fix is correct.

[bedevere-app]

Most changes to Python require a NEWS entry. Add one using the blurb_it web app or the blurb command-line tool.

If this change has little impact on Python users, wait for a maintainer to apply the skip news label instead.

[miss-islington-app]

Thanks @zainnadeem786 for the PR, and @StanFromIreland for merging it 🌮🎉.. I'm working now to backport this PR to: 3.13.
🐍🍒⛏🤖 I'm not a witch! I'm not a witch!

[miss-islington-app]

Thanks @zainnadeem786 for the PR, and @StanFromIreland for merging it 🌮🎉.. I'm working now to backport this PR to: 3.14.
🐍🍒⛏🤖

[miss-islington-app]

Thanks @zainnadeem786 for the PR, and @StanFromIreland for merging it 🌮🎉.. I'm working now to backport this PR to: 3.15.
🐍🍒⛏🤖

[bedevere-app]

GH-152094 is a backport of this pull request to the 3.13 branch.

[bedevere-app]

GH-152095 is a backport of this pull request to the 3.14 branch.

[bedevere-app]

GH-152096 is a backport of this pull request to the 3.15 branch.

[StanFromIreland]

Merged, thanks.

[zainnadeem786]

Thanks! @StanFromIreland I really appreciate your review and guidance throughout the process. It was great working with you, and I look forward to contributing more fixes and PRs in the future.