| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
| |
PyAST_mod2obj call. (GH-113035) (GH-113472) (GH-113476)
(cherry picked from commit 48c49739f5502fc7aa82f247ab2e4d7b55bdca62)
(cherry picked from commit d58a5f453f59f44ccf09b1a9b11a0b879ac6f35b)
Co-authored-by: Yilei Yang <yileiyang@google.com>
Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
(GH-110832) (#110939)
(cherry picked from commit a1ac5590e0f8fe008e5562d22edab65d0c1c5507)
Co-authored-by: Filipe Laíns <lains@riseup.net>
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(#109272)
gh-108987: Fix _thread.start_new_thread() race condition (#109135)
Fix _thread.start_new_thread() race condition. If a thread is created
during Python finalization, the newly spawned thread now exits
immediately instead of trying to access freed memory and lead to a
crash.
thread_run() calls PyEval_AcquireThread() which checks if the thread
must exit. The problem was that tstate was dereferenced earlier in
_PyThreadState_Bind() which leads to a crash most of the time.
Move _PyThreadState_CheckConsistency() from thread_run() to
_PyThreadState_Bind().
(cherry picked from commit 517cd82ea7d01b344804413ef05610934a43a241)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
(#109134)
gh-104690: thread_run() checks for tstate dangling pointer (#109056)
thread_run() of _threadmodule.c now calls
_PyThreadState_CheckConsistency() to check if tstate is a dangling
pointer when Python is built in debug mode.
Rename ceval_gil.c is_tstate_valid() to
_PyThreadState_CheckConsistency() to reuse it in _threadmodule.c.
(cherry picked from commit f63d37877ad166041489a968233b57540f8456e8)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(GH-108824) (#108832)
[3.12] gh-63760: Don't declare gethostname() on Solaris (GH-108817) (GH-108824)
gh-63760: Don't declare gethostname() on Solaris (GH-108817)
Since 2005, Solaris defines gethostname(). socketmodule.c no longer
has to define gethostname() for Solaris.
Oracle Solaris and OpenSolaris have patches to remove the
gethostname() definition in Python:
* https://github.com/oracle/solaris-userland/blob/master/components/python/python37/patches/15-gethostname.patch
* https://github.com/OpenIndiana/oi-userland/blob/oi/hipster/components/python/python37/patches/15-gethostname.patch
* https://github.com/omniosorg/omnios-build/blob/master/build/python27/patches/24-gethostname.patch
(cherry picked from commit 7269916cd7b89b5e6f20bfe83ebe1038bda56b4b)
Co-authored-by: Victor Stinner <vstinner@python.org>
Co-authored-by: Jakub Kulík <Kulikjak@gmail.com>
(cherry picked from commit 0e6d582b3b73a88e71cae04327b31a1ee203722c)
Co-authored-by: Victor Stinner <vstinner@python.org>
|
| | |
|
| | |
|
| |
|
| |
Co-authored-by: Finn Womack <flan313@gmail.com>
|
| |
|
|
|
|
|
| |
3.10 (GH-107227) (GH-107261)
(cherry picked from commit 698b01513550798886add5e06a1c3f9a89d7dfc6)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
(GH-106768) (GH-106855) (GH-106863)
[3.11] [3.12] gh-86493: Fix possible leaks in some modules initialization (GH-106768) (GH-106855)
Fix _ssl, _stat, _testinternalcapi, _threadmodule, cmath, math, posix, time.
(cherry picked from commit 3e65baee72131b49f4ce8ca2da568a6f2001ce93).
(cherry picked from commit a423ddbdeada8a2fd8657453b9e9f58ba0dd921d)
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
(GH-104107) (#104260)
gh-104018: remove unused format "z" handling in string formatfloat() (GH-104107)
This is a cleanup overlooked in PR GH-104033.
(cherry picked from commit 69621d1b09c996e43a1e13d2fa4c317d3dd4d738)
Co-authored-by: John Belmonte <john@neggie.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Several platforms don't define the static_assert macro despite having
compiler support for the _Static_assert keyword. The macro needs to be
defined since it is used unconditionally in the Python code. So it
should always be safe to define it if undefined and not in C++11 (or
later) mode.
Hence, remove the checks for particular platforms or libc versions,
and just define static_assert anytime it needs to be defined but isn't.
That way, all platforms that need the fix will get it, regardless of
whether someone specifically thought of them.
Also document that certain macOS versions are among the platforms that
need this.
The C2x draft (currently expected to become C23) makes static_assert
a keyword to match C++. So only define the macro for up to C17.
(cherry picked from commit 96e1901a59ed3bb6188743d60395666969a3ba42)
Co-authored-by: Joshua Root <jmr@macports.org>
Co-authored-by: Victor Stinner <vstinner@python.org>
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
subtypes (GH-101038) (#101219)
gh-101037: Fix potential memory underallocation for zeros of int subtypes (GH-101038)
This PR fixes object allocation in long_subtype_new to ensure that there's at least one digit in all cases, and makes sure that the value of that digit is copied over from the source long.
Needs backport to 3.11, but not any further: the change to require at least one digit was only introduced for Python 3.11.
Fixes GH-101037.
(cherry picked from commit 401fdf9c851eb61229250ebffa942adca99b36d1)
Co-authored-by: Mark Dickinson <dickinsm@gmail.com>
|
| |
|
|
|
|
|
| |
segmentation fault (GH-100182) (#100478)
(cherry picked from commit 88d565f32a709140664444c6dea20ecd35a10e94)
Co-authored-by: Bill Fisher <william.w.fisher@gmail.com>
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
(#99573)
Revert "gh-98724: Fix Py_CLEAR() macro side effects (#99100) (#99288)"
This reverts commit 108289085719db8b227d65ce945e806f91be8f80.
|
| |
|
|
|
|
|
|
|
| |
The Py_CLEAR(), Py_SETREF() and Py_XSETREF() macros now only evaluate
their argument once. If an argument has side effects, these side
effects are no longer duplicated.
Add test_py_clear() and test_py_setref() unit tests to _testcapi.
(cherry picked from commit c03e05c2e72f3ea5e797389e7d1042eef85ad37a)
|
| |
|
|
|
| |
When merging the v3.11.0 tag into 3.11, some files were incorrectly updated and some others were not properly deleted.
Automerge-Triggered-By: GH:pablogsal
|
| |\
| |
| |
| | |
Python 3.11.0
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| | |
(cherry picked from commit db39050396a104c73d0da473a2f00a62f9dfdfaa)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
|
| |/ |
|
| | |
|
| |
|
| |
Co-authored-by: Michael Droettboom <mdboom@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Converting a large enough `int` to a decimal string raises `ValueError` as expected. However, the raise comes _after_ the quadratic-time base-conversion algorithm has run to completion. For effective DOS prevention, we need some kind of check before entering the quadratic-time loop. Oops! =)
The quick fix: essentially we catch _most_ values that exceed the threshold up front. Those that slip through will still be on the small side (read: sufficiently fast), and will get caught by the existing check so that the limit remains exact.
The justification for the current check. The C code check is:
```c
max_str_digits / (3 * PyLong_SHIFT) <= (size_a - 11) / 10
```
In GitHub markdown math-speak, writing $M$ for `max_str_digits`, $L$ for `PyLong_SHIFT` and $s$ for `size_a`, that check is:
$$\left\lfloor\frac{M}{3L}\right\rfloor \le \left\lfloor\frac{s - 11}{10}\right\rfloor$$
From this it follows that
$$\frac{M}{3L} < \frac{s-1}{10}$$
hence that
$$\frac{L(s-1)}{M} > \frac{10}{3} > \log_2(10).$$
So
$$2^{L(s-1)} > 10^M.$$
But our input integer $a$ satisfies $|a| \ge 2^{L(s-1)}$, so $|a|$ is larger than $10^M$. This shows that we don't accidentally capture anything _below_ the intended limit in the check.
<!-- gh-issue-number: gh-95778 -->
* Issue: gh-95778
<!-- /gh-issue-number -->
Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
(cherry picked from commit b126196838bbaf5f4d35120e0e6bcde435b0b480)
Co-authored-by: Mark Dickinson <dickinsm@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Integer to and from text conversions via CPython's bignum `int` type is not safe against denial of service attacks due to malicious input. Very large input strings with hundred thousands of digits can consume several CPU seconds.
This PR comes fresh from a pile of work done in our private PSRT security response team repo.
This backports https://github.com/python/cpython/pull/96499 aka 511ca9452033ef95bc7d7fc404b8161068226002
Signed-off-by: Christian Heimes [Red Hat] <christian@python.org>
Tons-of-polishing-up-by: Gregory P. Smith [Google] <greg@krypto.org>
Reviews via the private PSRT repo via many others (see the NEWS entry in the PR).
<!-- gh-issue-number: gh-95778 -->
* Issue: gh-95778
<!-- /gh-issue-number -->
I wrote up [a one pager for the release managers](https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y/edit#).
|
| |
|
|
|
| |
(cherry picked from commit d21d2f0793ce32d72759d5cfc11622d13e3e6b81)
Co-authored-by: Matthias Görgens <matthias.goergens@gmail.com>
|
| |
|
|
|
| |
(cherry picked from commit 8281cbddc6f0fbc94f0c21cacfac79a2d4057a4b)
Co-authored-by: fluesvamp <105884371+fluesvamp@users.noreply.github.com>
|
| | |
|
| | |
|
| |
|
|
|
| |
(cherry picked from commit 42b102bbf9a9ae6fae8f6710202fb7afeeac277c)
Co-authored-by: Ken Jin <28750310+Fidget-Spinner@users.noreply.github.com>
|
| |
|
|
|
| |
(GH-95246). (#95256)" (#95647)
This reverts commit 7f731943393d57cf26ed5f2353e6e53084cd55fd.
|
| |
|
|
|
|
| |
Co-authored-by: Brett Cannon <brett@python.org>.
(cherry picked from commit 0fe645d6fd22a6f57e777a29e65cf9a4ff9785ae)
Co-authored-by: Christian Heimes <christian@python.org>
|
| |
|
|
|
|
|
| |
(cherry picked from commit b8b2990fb3218cffedfe7bc92e9e7ae2275b3c98)
Co-authored-by: Mark Shannon <mark@hotpy.org>
Co-authored-by: Mark Shannon <mark@hotpy.org>
|
| |
|
|
|
|
|
|
| |
(GH-95208)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
(cherry picked from commit 00474472944944b346d8409cfded84bb299f601a)
Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com>
|
| | |
|
