cpython.git - https://github.com/python/cpython.git

	Commit message (Collapse)	Author	Age	Files	Lines
*	Python 3.9.23v3.9.23	Łukasz Langa	2025-06-03	1	-2/+2
\|
*	[3.9] gh-133767: Fix use-after-free in the unicode-escape decoder with an ↵	Serhiy Storchaka	2025-06-02	2	-0/+17
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	error handler (GH-129648) (GH-133944) (#134346) * [3.9] gh-133767: Fix use-after-free in the unicode-escape decoder with an error handler (GH-129648) (GH-133944) If the error handler is used, a new bytes object is created to set as the object attribute of UnicodeDecodeError, and that bytes object then replaces the original data. A pointer to the decoded data will became invalid after destroying that temporary bytes object. So we need other way to return the first invalid escape from _PyUnicode_DecodeUnicodeEscapeInternal(). _PyBytes_DecodeEscape() does not have such issue, because it does not use the error handlers registry, but it should be changed for compatibility with _PyUnicode_DecodeUnicodeEscapeInternal(). (cherry picked from commit 9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e) (cherry picked from commit 6279eb8c076d89d3739a6edb393e43c7929b429d) (cherry picked from commit a75953b347716fff694aa59a7c7c2489fa50d1f5) (cherry picked from commit 0c33e5baedf18ebcb04bc41dff7cfc614d5ea5fe) (cherry picked from commit 8b528cacbbde60504f6ac62784d04889d285f18b) Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
*	Post 3.9.22	Łukasz Langa	2025-04-08	1	-1/+1
\|
*	Python 3.9.22v3.9.22	Łukasz Langa	2025-04-08	1	-2/+2
\|
*	Post 3.9.21	Łukasz Langa	2024-12-03	1	-1/+1
\|
*	Python 3.9.21v3.9.21	Łukasz Langa	2024-12-03	1	-2/+2
\|
*	Post 3.9.20.	Łukasz Langa	2024-09-06	1	-1/+1
\|
*	Python 3.9.20v3.9.20	Łukasz Langa	2024-09-06	1	-2/+2
\|
*	Post 3.9.19	Łukasz Langa	2024-03-19	1	-1/+1
\|
*	Python 3.9.19v3.9.19	Łukasz Langa	2024-03-19	1	-2/+2
\|
*	[3.9] gh-115398: Expose Expat >=2.6.0 reparse deferral API (CVE-2023-52425) ↵	Sebastian Pipping	2024-03-06	1	-1/+3
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	(GH-115623) (GH-116272) Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) by adding five new methods: - `xml.etree.ElementTree.XMLParser.flush` - `xml.etree.ElementTree.XMLPullParser.flush` - `xml.parsers.expat.xmlparser.GetReparseDeferralEnabled` - `xml.parsers.expat.xmlparser.SetReparseDeferralEnabled` - `xml.sax.expatreader.ExpatParser.flush` Based on the "flush" idea from https://github.com/python/cpython/pull/115138#issuecomment-1932444270 . Includes code suggested-by: Snild Dolkow <snild@sony.com> and by core dev Serhiy Storchaka. Co-authored-by: Gregory P. Smith <greg@krypto.org>
*	Post 3.9.18	Łukasz Langa	2023-08-24	1	-1/+1
\|
*	Python 3.9.18v3.9.18	Łukasz Langa	2023-08-24	1	-2/+2
\|
*	Post 3.9.17	Łukasz Langa	2023-06-06	1	-1/+1
\|
*	Python 3.9.17v3.9.17	Łukasz Langa	2023-06-06	1	-2/+2
\|
*	Post 3.9.16	Łukasz Langa	2022-12-06	1	-1/+1
\|
*	Python 3.9.16v3.9.16	Łukasz Langa	2022-12-06	1	-2/+2
\|
*	Post 3.9.15	Łukasz Langa	2022-10-11	1	-1/+1
\|
*	Python 3.9.15v3.9.15	Łukasz Langa	2022-10-11	1	-2/+2
\|
*	Post 3.9.14	Łukasz Langa	2022-09-06	1	-1/+1
\|
*	Python 3.9.14v3.9.14	Łukasz Langa	2022-09-06	1	-2/+2
\|
*	[3.9] gh-95778: CVE-2020-10735: Prevent DoS by very large int() (#96502)	Gregory P. Smith	2022-09-05	3	-0/+53
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* Correctly pre-check for int-to-str conversion (#96537) Converting a large enough `int` to a decimal string raises `ValueError` as expected. However, the raise comes _after_ the quadratic-time base-conversion algorithm has run to completion. For effective DOS prevention, we need some kind of check before entering the quadratic-time loop. Oops! =) The quick fix: essentially we catch _most_ values that exceed the threshold up front. Those that slip through will still be on the small side (read: sufficiently fast), and will get caught by the existing check so that the limit remains exact. The justification for the current check. The C code check is: ```c max_str_digits / (3 * PyLong_SHIFT) <= (size_a - 11) / 10 ``` In GitHub markdown math-speak, writing $M$ for `max_str_digits`, $L$ for `PyLong_SHIFT` and $s$ for `size_a`, that check is: $$\left\lfloor\frac{M}{3L}\right\rfloor \le \left\lfloor\frac{s - 11}{10}\right\rfloor$$ From this it follows that $$\frac{M}{3L} < \frac{s-1}{10}$$ hence that $$\frac{L(s-1)}{M} > \frac{10}{3} > \log_2(10).$$ So $$2^{L(s-1)} > 10^M.$$ But our input integer $a$ satisfies $\|a\| \ge 2^{L(s-1)}$, so $\|a\|$ is larger than $10^M$. This shows that we don't accidentally capture anything _below_ the intended limit in the check. <!-- gh-issue-number: gh-95778 --> * Issue: gh-95778 <!-- /gh-issue-number --> Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org> Co-authored-by: Christian Heimes <christian@python.org> Co-authored-by: Mark Dickinson <dickinsm@gmail.com>
*	gh-93065: Fix HAMT to iterate correctly over 7-level deep trees (GH-93066) ↵	Miss Islington (bot)	2022-05-24	1	-1/+13
\| \| \| \| \| \| \| \| \| \| \| \|	(#93147) Also while there, clarify a few things about why we reduce the hash to 32 bits. Co-authored-by: Eli Libman <eli@hyro.ai> Co-authored-by: Yury Selivanov <yury@edgedb.com> Co-authored-by: Łukasz Langa <lukasz@langa.pl> (cherry picked from commit c1f5c903a7e4ed27190488f4e33b00d3c3d952e5)
*	Post 3.9.13	Łukasz Langa	2022-05-17	1	-1/+1
\|
*	Python 3.9.13v3.9.13	Łukasz Langa	2022-05-17	1	-2/+2
\|
*	Post 3.9.12	Łukasz Langa	2022-03-24	1	-1/+1
\|
*	Python 3.9.12v3.9.12	Łukasz Langa	2022-03-23	1	-2/+2
\|
*	Post 3.9.11, take two	Łukasz Langa	2022-03-16	1	-1/+1
\|
*	Python 3.9.11, take twov3.9.11	Łukasz Langa	2022-03-16	1	-1/+1
\|
*	Post 3.9.11	Łukasz Langa	2022-03-15	1	-1/+1
\|
*	Python 3.9.11	Łukasz Langa	2022-03-15	1	-2/+2
\|
*	Post 3.9.10	Łukasz Langa	2022-01-14	1	-1/+1
\|
*	Python 3.9.10v3.9.10	Łukasz Langa	2022-01-13	1	-2/+2
\|
*	bpo-39026: Fix Python.h when building with Xcode (GH-29488) (GH-29776)	Victor Stinner	2021-11-26	2	-4/+1
\| \| \| \| \| \|	Fix Python.h to build C extensions with Xcode: remove a relative include from Include/cpython/pystate.h. (cherry picked from commit 4ae26b9c1d0c33e3db92c6f305293f9240dea358)
*	[3.9] bpo-45806: Fix recovery from stack overflow for 3.9. Again. (GH-29640)	Mark Shannon	2021-11-19	1	-16/+0
\| \| \|	Co-authored-by: Łukasz Langa <lukasz@langa.pl>
*	Post 3.9.9	Łukasz Langa	2021-11-15	1	-1/+1
\|
*	Python 3.9.9v3.9.9	Łukasz Langa	2021-11-15	1	-2/+2
\|
*	Post 3.9.8	Łukasz Langa	2021-11-05	1	-1/+1
\|
*	Python 3.9.8v3.9.8	Łukasz Langa	2021-11-05	1	-2/+2
\|
*	bpo-45467: Fix IncrementalDecoder and StreamReader in the ↵	Serhiy Storchaka	2021-10-14	1	-0/+8
\| \| \| \| \| \| \| \| \| \|	"raw-unicode-escape" codec (GH-28944) (GH-28953) They support now splitting escape sequences between input chunks. Add the third parameter "final" in codecs.raw_unicode_escape_decode(). It is True by default to match the former behavior. (cherry picked from commit 39aa98346d5dd8ac591a7cafb467af21c53f1e5d)
*	[3.9] bpo-45461: Fix IncrementalDecoder and StreamReader in the ↵	Serhiy Storchaka	2021-10-14	1	-1/+9
\| \| \| \| \| \| \| \| \| \| \| \|	"unicode-escape" codec (GH-28939) (GH-28945) They support now splitting escape sequences between input chunks. Add the third parameter "final" in codecs.unicode_escape_decode(). It is True by default to match the former behavior. (cherry picked from commit c96d1546b11b4c282a7e21737cb1f5d16349656d) Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
*	[3.9] Fix typos in the Include directory (GH-28745) (GH-28788)	Christian Clauss	2021-10-07	4	-5/+5
\| \| \|	(cherry picked from commit 8e8f7522171ef82f2f5049940f815e00e38c6f42)
*	[3.9] Remove trailing spaces (GH-28710)	Serhiy Storchaka	2021-10-03	1	-1/+1
\|
*	closes bpo-44751: Move crypt.h include from public header to _cryptmodule ↵	Miss Islington (bot)	2021-09-29	1	-13/+0
\| \| \| \| \| \| \| \|	(GH-27394) Automerge-Triggered-By: GH:benjaminp (cherry picked from commit 196998e220d6ca030e5a1c8ad63fcaed8e049a98) Co-authored-by: Geoffrey Thomas <geofft@ldpreload.com>
*	[3.9] [codemod] Fix non-matching bracket pairs (GH-28473) (GH-28512)	Łukasz Langa	2021-09-22	1	-1/+1
\| \| \| \| \| \| \| \|	Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu> Co-authored-by: Serhiy Storchaka <storchaka@gmail.com> Co-authored-by: Łukasz Langa <lukasz@langa.pl>. (cherry picked from commit 8f943ca25732d548cf9f0b0393ba8d582fb93e29) Co-authored-by: Mohamad Mansour <66031317+mohamadmansourX@users.noreply.github.com>
*	[3.9] bpo-45083: Include the exception class qualname when formatting an ↵	Miss Islington (bot)	2021-09-03	1	-0/+3
\| \| \| \| \| \| \| \| \| \| \|	exception (GH-28119) (GH-28135) * bpo-45083: Include the exception class qualname when formatting an exception (GH-28119) Co-authored-by: Erlend Egeberg Aasland <erlend.aasland@innova.no> (cherry picked from commit b4b6342848ec0459182a992151099252434cc619) Co-authored-by: Irit Katriel <1055913+iritkatriel@users.noreply.github.com> Co-authored-by: Łukasz Langa <lukasz@langa.pl>
*	Post 3.9.7	Łukasz Langa	2021-08-30	1	-1/+1
\|
*	Python 3.9.7v3.9.7	Łukasz Langa	2021-08-30	1	-2/+2
\|
*	bpo-44184: Fix subtype_dealloc() for freed type (GH-26274)	Miss Islington (bot)	2021-07-15	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \|	Fix a crash at Python exit when a deallocator function removes the last strong reference to a heap type. Don't read type memory after calling basedealloc() since basedealloc() can deallocate the type and free its memory. _PyMem_IsPtrFreed() argument is now constant. (cherry picked from commit 615069eb08494d089bf24e43547fbc482ed699b8) Co-authored-by: Victor Stinner <vstinner@python.org>
*	Post 3.9.6	Łukasz Langa	2021-06-28	1	-1/+1
\|