gh-144833: Fix use-after-free in SSL module when SSL_new() fails (GH-144843)
In newPySSLSocket(), when SSL_new() returns NULL, Py_DECREF(self)
was called before _setSSLError(get_state_ctx(self), ...), causing
a use-after-free. Additionally, get_state_ctx() was called with
self (PySSLSocket*) instead of sslctx (PySSLContext*), which is
a type confusion bug.
Fix by calling _setSSLError() before Py_DECREF() and using
sslctx instead of self for get_state_ctx().
(cherry picked from commit c91638ca06)
Co-authored-by: Ramin Farajpour Cami <ramin.blackhat@gmail.com>
[3.14] gh-144551: Update CI to use latest OpenSSL versions
Also update _ssl_data_35.h to include an added symbol from 3.5.5.
(cherry picked from commit b933ef9261)
Lookup for CJK ideograms and Hangul syllables is now case-insensitive,
as is the case for other character names.
(cherry picked from commit e66f4a5a9c)
Co-authored-by: James <snoopjedi@gmail.com>
This was causing ucd_3_2_0.numeric() to pick up only decimal
changes between Unicode 3.2.0 and the current version.
(cherry picked from commit 3e0322ff16)
Co-authored-by: William Meehan <wmeehan@fb.com>
gh-144629: Add test for the PyFunction_GetAnnotations() function (GH-144630)
(cherry picked from commit cc81707e40)
Co-authored-by: Nybblista <170842536+nybblista@users.noreply.github.com>
(cherry picked from commit d5cb9f6a9b)
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Co-authored-by: Petr Viktorin <encukou@gmail.com>
* gh-140414: add fastpath for current running loop in `asyncio.all_tasks` (GH-140542)
Optimize `asyncio.all_tasks()` for the common case where the event loop is running in the current thread by avoiding stop-the-world pauses and locking.
This optimization is already present for `asyncio.current_task()` so we do the same for `asyncio.all_tasks()`.
(cherry picked from commit 95e5d59630)
Co-authored-by: Kumar Aditya <kumaraditya@python.org>
gh-142555: Fix null pointer dereference in array.__setitem__ via re-entrant __index__ (GH-142713)
(cherry picked from commit 39f16a93ef)
Co-authored-by: AN Long <aisk@users.noreply.github.com>
gh-144100: Fix crash for POINTER(str) used in ctypes argtypes (GH-144108)
(cherry picked from commit 8f459255eb)
Co-authored-by: VanshAgarwal24036 <148854295+VanshAgarwal24036@users.noreply.github.com>
Co-authored-by: Victor Stinner <vstinner@python.org>
[3.14] gh-144023: Prevent follow_symlinks from being allowed with an fd of 0 (GH-144022)
The check was (fd > 0), should be (fd >= 0).
(cherry picked from commit fa44efa0ef)
Co-authored-by: AZero13 <gfunni234@gmail.com>
Update struct.__doc__: _Bool available unconditionally (GH-143716)
This amends commit a9296e7f3b.
(cherry picked from commit 31c81ab0a2)
Co-authored-by: Sergey B Kirpichev <skirpichev@gmail.com>
gh-143674: Document F/D complex format characters in struct module (GH-143675)
Add documentation for the F (complex from two floats) and D (complex
from two doubles) format characters in the struct module docstring.
These format characters were implemented but not documented.
(cherry picked from commit 3e93225798)
Co-authored-by: Muneeb Ullah <moneebullah25@gmail.com>
Co-authored-by: Sergey B Kirpichev <skirpichev@gmail.com>
gh-143880: Fix data race in `functools.partial` in free threading build
The assignment to `pto->vectorcall` isn't thread-safe in the free
threading build. Note that this is already fixed in the main branch.
gh-143249: Fix buffer leak when overlapped operation fails to start on windows (GH-143250)
(cherry picked from commit 103a384bfd)
Co-authored-by: Yongtao Huang <yongtaoh2022@gmail.com>
The internal encoder object returned by undocumented function
json.encoder.c_make_encoder() (aka _json.make_encoder()) crashed
when it was called with non-zero second argument.
(cherry picked from commit c559135c93)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
gh-143544: Fix possible use-after-free in the JSON decoder when JSONDecodeError disappears during raising it (GH-143561)
(cherry picked from commit c315748060)
Co-authored-by: VanshAgarwal24036 <148854295+VanshAgarwal24036@users.noreply.github.com>
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
Previously, this could cause crash or data corruption, now concurrent calls
of methods of the same object raise RuntimeError.
(cherry picked from commit d1282efb2b)
gh-143191: Use _PyOS_MIN_STACK_SIZE in _thread.stack_size() (GH-143601)
The stack size must be at least _PyOS_MIN_STACK_SIZE+SYSTEM_PAGE_SIZE
bytes.
(cherry picked from commit ba10100c39)
Co-authored-by: Victor Stinner <vstinner@python.org>
PyObject_GetBuffer() can execute user code (e.g. via __buffer__), which may
close or otherwise mutate a BytesIO object while write() or writelines()
is in progress. This could invalidate the internal buffer and lead to a
use-after-free.
Ensure that PyObject_GetBuffer() is called before validation checks.
(cherry picked from commit 6d54b6ac7d)
Co-authored-by: zhong <60600792+superboy-zjc@users.noreply.github.com>
gh-143429: Use compile-time NaN encoding detection for test_struct (GH-143432)
(cherry picked from commit dcdb23f9db)
Co-authored-by: Henry Chen <chenx97@aosc.io>
gh-143309: fix UAF in `os.execve` when the environment is concurrently mutated (GH-143314)
(cherry picked from commit 9609574e7f)
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
gh-143200: fix UAFs in `Element.__{set,get}item__` when the element is concurrently mutated (GH-143226)
(cherry picked from commit b6b0e14b3d)
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
The result tuple was leaked if __ctypes_from_outparam__() failed for any item.
(cherry picked from commit 579c5b496b)
Signed-off-by: Yongtao Huang <yongtaoh2022@gmail.com>
Co-authored-by: Yongtao Huang <yongtaoh2022@gmail.com>
This happened when the Counter was mutated when incrementing
the value for an existing key.
(cherry picked from commit 86d904588e)
Co-authored-by: kaushal trivedi <155625932+Kaushalt2004@users.noreply.github.com>
gh-122431: Correct the non-negative error message in `readline.append_history_file` (GH-143075)
"positive" -> "non-negative", since zero is included.
(cherry picked from commit a273bc99d2)
Co-authored-by: Zheng Yu <dataisland@outlook.com>
gh-143012: use `Py_ssize_t` cast for `PyBytes_FromStringAndSize` (GH-143013)
(cherry picked from commit 5989095dfd)
Co-authored-by: AZero13 <gfunni234@gmail.com>
gh-112127: Fix possible use-after-free in atexit.unregister() (GH-114092)
(cherry picked from commit 2b466c47c3)
Co-authored-by: Benjamin Johnson <ben332004@gmail.com>
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
If there are many untracked tuples, the GC will run too often, resulting
in poor performance. The fix is to include untracked tuples in the
"long lived" object count. The number of frozen objects is also now
included since the free-threaded GC must scan those too.
(cherry picked from commit e38967ed60)
gh-142556: fix crash when a task gets re-registered during finalization in `asyncio` (GH-142565)
(cherry picked from commit 42d2bedb87)
Co-authored-by: Kumar Aditya <kumaraditya@python.org>
The initialization during `mod_exec` wasn't thread-safe with multiple interpreters.
(cherry picked from commit 2dac9e6016)
Co-authored-by: Alper <alperyoney@fb.com>
