Hold strong references to borrowed items unconditionally (not only in
free-threading builds) in _encoder_iterate_mapping_lock_held and
_encoder_iterate_fast_seq_lock_held. User callbacks invoked during
encoding can mutate or clear the underlying container, invalidating
borrowed references.
The dict iteration path was already fixed by gh-145244.
Co-authored-by: Kumar Aditya <kumaraditya@python.org>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
test_interpreters: use errno.EBADF instead of hardcoded number in _close_file()
Replace the hardcoded `9` check in `Lib/test/test_interpreters/utils.py` with `errno.EBADF`.
Using `errno.EBADF` makes the helper portable across platforms with different errno numbering while preserving the intended behavior.
In encoder_encode_key_value(), key is a borrowed reference from
PyDict_Next(). If the default callback mutates or clears the dict,
key becomes a dangling pointer. The error path then calls
_PyErr_FormatNote("%R", key) on freed memory.
Fix by holding strong references to key and value unconditionally
during encoding, not just in the free-threading build.
Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
When a custom iterator calls next() on the same csv.reader from
within __next__, the inner iteration sets self->fields to NULL.
The outer iteration then crashes in parse_save_field() by passing
NULL to PyList_Append.
Add a guard after PyIter_Next() to detect that fields was set to
NULL by a re-entrant call, and raise csv.Error instead of crashing.
## Summary
- Move the `runtime->initialized = 1` store from before `site.py` import to the end of `init_interp_main()`, so `Py_IsInitialized()` only returns true after initialization has fully completed
- Access `initialized` and `core_initialized` through new inline accessors using acquire/release atomics, to also protect from data race undefined behavior
- `PySys_AddAuditHook()` now uses the accessor, so with the flag move it correctly skips audit hook invocation during all init phases (matching the documented "after runtime initialization" behavior) ... We could argue that running these earlier would be good even if the intent was never explicitly expressed, but that'd be its own issue.
## Motivation
`Py_IsInitialized()` returned 1 while `Py_InitializeEx()` was still running — specifically, before `site.py` had been imported. See https://github.com/PyO3/pyo3/issues/5900 where a second thread could acquire the GIL and start executing Python with an incomplete `sys.path` because `site.py` hadn't finished.
The flag was also a plain `int` with no atomic operations, making concurrent reads a C-standard data race, though unlikely to manifest.
## Regression test:
The added test properly fails on `main` with `ERROR: Py_IsInitialized() was true during site import`.
---
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Fix json serialization: no longer call str(obj) on str subclasses.
Replace PyUnicodeWriter_WriteStr() with PyUnicodeWriter_WriteASCII()
and private _PyUnicodeWriter_WriteStr().
There are newly documented restrictions on tp_traverse:
The traversal function must not have any side effects.
It must not modify the reference counts of any Python
objects nor create or destroy any Python objects.
* Add several functions that are guaranteed side-effect-free,
with a _DuringGC suffix.
* Use these in ctypes
* Consolidate tp_traverse docs in gcsupport.rst, moving unique
content from typeobj.rst there
Co-authored-by: Lysandros Nikolaou <lisandrosnik@gmail.com>
Co-authored-by: Victor Stinner <vstinner@python.org>
clearEntries() only freed the top currentProfilerContext but did not
walk the previous linked list. When clear() is called during active
profiling with nested calls, all contexts except the top one were
leaked. Fix by iterating the entire linked list, matching the existing
freelistProfilerContext cleanup pattern.
Co-authored-by: Victor Stinner <vstinner@python.org>
Use negative lookahead in option regex to prevent backtracking, and to avoid changing logic outside the regexes (since people could use the regex directly).
Account for the display width of Unicode characters so that colors and underlining in traceback output is correct.
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
Co-authored-by: Victor Stinner <vstinner@python.org>
Avoid embedding the parent's sys.argv into the forkserver -c command
string via repr(). When sys.argv is large (e.g. thousands of file
paths from a pre-commit hook), the resulting single argument could
exceed the OS per-argument length limit (MAX_ARG_STRLEN on Linux,
typically 128 KiB), causing posix_spawn to fail and the parent to
observe a BrokenPipeError.
Instead, append the argv entries as separate command-line arguments
after -c; the forkserver child reads them back as sys.argv[1:]. This
cannot exceed any limit the parent itself did not already satisfy.
Regression introduced by gh-143706 / 298d5440eb.
Open web browser with absolute path
On macOS, web browsers are opened via popen calling osascript. However,
if a user has a colliding osascript executable earlier in their PATH,
this may fail or cause unwanted behaviour.
Depending on one's environment or level of paranoia, this may be considered a security vulnerability.
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
PyREPL was still carrying over two readline-specific tricks from the
fancy completer: a synthetic CSI prefix to influence sorting and a fake
blank completion entry to suppress readline's prefix insertion. Those
workarounds are not appropriate in PyREPL because the reader already
owns completion ordering and menu rendering, so the fake entries leaked
into the UI as real terminal attributes and empty menu cells.
Sort completion candidates in ReadlineAlikeReader by their visible text
with stripcolor(), and let the fancy completer return only real matches.
That keeps colored completions stable without emitting bogus escape
sequences, removes the empty completion slot, and adds regression tests
for both the low-level completer output and the reader integration.
