gh-143200: fix UAFs in `Element.__{set,get}item__` when the element is concurrently mutated (GH-143226)
(cherry picked from commit b6b0e14b3d)
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
The result tuple was leaked if __ctypes_from_outparam__() failed for any item.
(cherry picked from commit 579c5b496b)
Signed-off-by: Yongtao Huang <yongtaoh2022@gmail.com>
Co-authored-by: Yongtao Huang <yongtaoh2022@gmail.com>
This happened when the Counter was mutated when incrementing
the value for an existing key.
(cherry picked from commit 86d904588e)
Co-authored-by: kaushal trivedi <155625932+Kaushalt2004@users.noreply.github.com>
gh-122431: Correct the non-negative error message in `readline.append_history_file` (GH-143075)
"positive" -> "non-negative", since zero is included.
(cherry picked from commit a273bc99d2)
Co-authored-by: Zheng Yu <dataisland@outlook.com>
gh-143012: use `Py_ssize_t` cast for `PyBytes_FromStringAndSize` (GH-143013)
(cherry picked from commit 5989095dfd)
Co-authored-by: AZero13 <gfunni234@gmail.com>
gh-112127: Fix possible use-after-free in atexit.unregister() (GH-114092)
(cherry picked from commit 2b466c47c3)
Co-authored-by: Benjamin Johnson <ben332004@gmail.com>
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
If there are many untracked tuples, the GC will run too often, resulting
in poor performance. The fix is to include untracked tuples in the
"long lived" object count. The number of frozen objects is also now
included since the free-threaded GC must scan those too.
(cherry picked from commit e38967ed60)
gh-142556: fix crash when a task gets re-registered during finalization in `asyncio` (GH-142565)
(cherry picked from commit 42d2bedb87)
Co-authored-by: Kumar Aditya <kumaraditya@python.org>
The initialization during `mod_exec` wasn't thread-safe with multiple interpreters.
(cherry picked from commit 2dac9e6016)
Co-authored-by: Alper <alperyoney@fb.com>
Added atomic operations to `scanner_begin()` and `scanner_end()` to prevent
race conditions on the `executing` flag in free-threaded builds. Also added
tests for concurrent usage of the `re` module.
Without the atomic operations, `test_scanner_concurrent_access()` triggers
`assert(self->executing)` failures, or a thread sanitizer run emits errors.
(cherry picked from commit bc9e63dd9d)
Co-authored-by: Alper <alperyoney@fb.com>
Co-authored-by: Rok Mandeljc <rok.mandeljc@gmail.com>
Co-authored-by: Mark Shannon <mark@hotpy.org>
Co-authored-by: Victor Stinner <vstinner@python.org>
* [3.14] GH-139914: Handle stack growth direction on HPPA (GH-140028)
Adapted from a patch for Python 3.14 submitted to the Debian BTS by John David Anglin https://bugs.debian.org/1105111#20
* Forgot to update test_call
* WTF typo
gh-141801: Use accessors for ASN1_STRING fields in libssl (GH-141802)
* gh-141801: Use accessors for ASN1_STRING fields
While ASN1_STRING is currently exposed, it is better to use the
accessors. See https://github.com/openssl/openssl/issues/29117 where, if
the type were opaque, OpenSSL's X509 objects could be much more
memory-efficient.
* Update Modules/_ssl.c
* Update Modules/_ssl.c
---------
(cherry picked from commit c41fce08a5)
Co-authored-by: David Benjamin <davidben@davidben.net>
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
Added a critical section to protect the states of `ReaderObj` and `WriterObj` in the free-threading build. Without the critical sections, both new free-threading tests were crashing.
(cherry picked from commit fb26d9c2ef)
Co-authored-by: Alper <alperyoney@fb.com>
gh-141784: Fix _remote_debugging_module.c compilation on 32-bit Linux (#141796)
Include Python.h before system headers to make sure that
_remote_debugging_module.c uses the same types (ABI) than Python.
(cherry picked from commit 722f4bb8c9)
This splits the OS API specific functionality to get the number of threads out
from the fallback Python method and warning raising code itself. This way the
OS APIs can be queried before we've run
`os.register_at_fork(after_in_parent=...)` registered functions which
themselves may (re)start threads that would otherwise be detected.
This is best effort. If the OS APIs are either unavailable or fail, the
warning generating code still falls back to looking at the Python threading
state after the CPython interpreter world has been restarted and the
after_in_parent calls have been made. The common case for most Linux and macOS
environments should work today.
This also lines up with the existing TODO refactoring, we may choose to expose
this API to get the number of OS threads in the `os` module in the future.
Note: This is a simplified backport that maintains the void return type
for warn_about_fork_with_threads() and keeps PyErr_Clear() in the warning path,
as the error handling changes from fd8f42d3d1 are not needed in 3.14.
gh-140260: fix data race in `_struct` module initialization with subinterpreters (GH-140909)
(cherry picked from commit 63548b3699)
Co-authored-by: Shamil <ashm.tech@proton.me>
gh-132657: add regression test for `PySet_Contains` with unhashable type (GH-141411)
(cherry picked from commit 2ac738d325)
Co-authored-by: M Bussonnier <bussonniermatthias@gmail.com>
Fix error in assertion which causes failure if pos is equal to PY_SSIZE_T_MAX.
Fix undefined behavior in read() and readinto() if pos is larger that the size
of the underlying buffer.
(cherry picked from commit 7d54374f9c)
Co-authored-by: Cody Maloney <cmaloney@users.noreply.github.com>
gh-100218: correctly set `errno` when `socket.if_{nametoindex,indextoname}` raise `OSError` (GH-140905)
Previously, socket.if_nametoindex() and socket.if_indextoname() could raise
an `OSError` with a `None` errno. Now, the errno from libc is propagated.
(cherry picked from commit 3ce2d57b2f)
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
* Refer to bytes objects or bytes-like objects instead of strings.
* Remove backticks -- they do not have effect on formatting.
* Re-wrap lines to ensure the pydoc output fits in 80 columns.
(cherry picked from commit 610377056b)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Fix compiler warnings in remote debugging (#141060)
Example of fixed warnings on 32-bit Windows:
Python\remote_debugging.c(24,53): warning C4244: 'function':
conversion from 'uint64_t' to 'uintptr_t', possible loss of data
Modules\_remote_debugging_module.c(789,44): warning C4244:
'function': conversion from 'uint64_t' to 'size_t', possible loss
of data
(cherry picked from commit f458ac01ba)
Fix a compiler warning in _randommodule.c (GH-141058)
The test just before the cast ensures that the cast cannot overflow.
Fix the warning on 32-bit Windows:
Modules\_randommodule.c(525,28): warning C4244: '=': conversion
from 'uint64_t' to 'Py_ssize_t', possible loss of data
(cherry picked from commit 4ac16dd109)
Co-authored-by: Victor Stinner <vstinner@python.org>
It was too lenient and allowed MARK opcodes with too large value.
(cherry picked from commit 1326d2a808)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* [3.14] gh-90949: add Expat API to prevent XML deadly allocations (CVE-2025-59375) (GH-139234)
Expose the XML Expat 2.7.2 mitigation APIs to disallow use of
disproportional amounts of dynamic memory from within an Expat
parser (see CVE-2025-59375 for instance).
The exposed APIs are available on Expat parsers, that is,
parsers created by `xml.parsers.expat.ParserCreate()`, as:
- `parser.SetAllocTrackerActivationThreshold(threshold)`, and
- `parser.SetAllocTrackerMaximumAmplification(max_factor)`.
(cherry picked from commit f04bea44c3)
(cherry picked from commit 68a1778b77)
* [3.14] gh-140607: Validate returned byte count in RawIOBase.read (GH-140611)
While `RawIOBase.readinto` should return a count of bytes between 0 and
the length of the given buffer, it is not required to. Add validation
inside RawIOBase.read() that the returned byte count is valid.
(cherry picked from commit 0f0a362768)
Co-authored-by: Cody Maloney <cmaloney@users.noreply.github.com>
Co-authored-by: Shamil <ashm.tech@proton.me>
Co-authored-by: Victor Stinner <vstinner@python.org>
* fixup: Use older attribute name
---------
Co-authored-by: Shamil <ashm.tech@proton.me>
Co-authored-by: Victor Stinner <vstinner@python.org>
[3.14] gh-140593: Fix a memory leak in function `my_ElementDeclHandler` of `pyexpat` (GH-140602)
Ensure that the memory allocated for the content model
passed to `my_ElementDeclHandler` is freed in all error
paths.
(cherry picked from commit e34a5e3304)
Clang-20 detects a data race between the unlock and the non-atomic
read of the lock state. Use a relaxed load for the assertion to avoid
the race.
(cherry picked from commit f11ec6e643)
Co-authored-by: Sam Gross <colesbury@gmail.com>
