[3.14] gh-137109: refactor warning about threads when forking (GH-141438) (GH-141614)
This splits the OS API specific functionality to get the number of threads out
from the fallback Python method and warning raising code itself. This way the
OS APIs can be queried before we've run
`os.register_at_fork(after_in_parent=...)` registered functions which
themselves may (re)start threads that would otherwise be detected.
This is best effort. If the OS APIs are either unavailable or fail, the
warning generating code still falls back to looking at the Python threading
state after the CPython interpreter world has been restarted and the
after_in_parent calls have been made. The common case for most Linux and macOS
environments should work today.
This also lines up with the existing TODO refactoring, we may choose to expose
this API to get the number of OS threads in the `os` module in the future.
Note: This is a simplified backport that maintains the void return type
for warn_about_fork_with_threads() and keeps PyErr_Clear() in the warning path,
as the error handling changes from fd8f42d3d1 are not needed in 3.14.
(cherry picked from commit 0d8fb0b852)
Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com>
Fix error in assertion which causes failure if pos is equal to PY_SSIZE_T_MAX.
Fix undefined behavior in read() and readinto() if pos is larger that the size
of the underlying buffer.
(cherry picked from commit 7d54374f9c)
gh-132657: add regression test for `PySet_Contains` with unhashable type (GH-141411)
(cherry picked from commit 2ac738d325)
Co-authored-by: M Bussonnier <bussonniermatthias@gmail.com>
Previously, socket.if_nametoindex() and socket.if_indextoname() could raise
an `OSError` with a `None` errno. Now, the errno from libc is propagated.
(cherry picked from commit 3ce2d57b2f)
* Refer to bytes objects or bytes-like objects instead of strings.
* Remove backticks -- they do not have effect on formatting.
* Re-wrap lines to ensure the pydoc output fits in 80 columns.
(cherry picked from commit 610377056b)
(cherry picked from commit 1a080199af)
Fix a compiler warning in _randommodule.c (GH-141058)
The test just before the cast ensures that the cast cannot overflow.
Fix the warning on 32-bit Windows:
Modules\_randommodule.c(525,28): warning C4244: '=': conversion
from 'uint64_t' to 'Py_ssize_t', possible loss of data
(cherry picked from commit 4ac16dd109)
Co-authored-by: Victor Stinner <vstinner@python.org>
It was too lenient and allowed MARK opcodes with too large value.
(cherry picked from commit 1326d2a808)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
* gh-90949: add Expat API to prevent XML deadly allocations (CVE-2025-59375) (#139234)
Expose the XML Expat 2.7.2 mitigation APIs to disallow use of
disproportional amounts of dynamic memory from within an Expat
parser (see CVE-2025-59375 for instance).
The exposed APIs are available on Expat parsers, that is,
parsers created by `xml.parsers.expat.ParserCreate()`, as:
- `parser.SetAllocTrackerActivationThreshold(threshold)`, and
- `parser.SetAllocTrackerMaximumAmplification(max_factor)`.
(cherry picked from commit f04bea44c3)
(cherry picked from commit 68a1778b77)
* [3.13] gh-140607: Validate returned byte count in RawIOBase.read (GH-140611)
While `RawIOBase.readinto` should return a count of bytes between 0 and
the length of the given buffer, it is not required to. Add validation
inside RawIOBase.read() that the returned byte count is valid.
(cherry picked from commit 0f0a362768)
Co-authored-by: Cody Maloney <cmaloney@users.noreply.github.com>
Co-authored-by: Shamil <ashm.tech@proton.me>
Co-authored-by: Victor Stinner <vstinner@python.org>
* fixup: Use older attribute name
---------
Co-authored-by: Shamil <ashm.tech@proton.me>
Co-authored-by: Victor Stinner <vstinner@python.org>
[3.13] gh-140593: Fix a memory leak in function `my_ElementDeclHandler` of `pyexpat` (GH-140602)
Ensure that the memory allocated for the content model
passed to `my_ElementDeclHandler` is freed in all error
paths.
(cherry picked from commit e34a5e3304)
* [3.13] gh-102431: Clarify constraints on operands of Decimal logical operations (GH-102836)
Sync C/Python implementation of the decimal: logical_ops for contexts.
(cherry picked from commit 6ecf77dbde)
Co-authored-by: Sergey B Kirpichev <skirpichev@gmail.com>
* [3.13] gh-139748: fix leaks in AC error paths when using unicode FS-based converters (GH-139765)
(cherry picked from commit b04a57deef)
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
Passing a negative or zero size to `cursor.fetchmany()` made it fetch all rows
instead of none.
While this could be considered a security vulnerability, it was decided to treat
this issue as a regular bug as passing a non-sanitized *size* value in the first
place is not recommended.
(cherry picked from commit bc172ee830)
Within libexpat, a parser created via `XML_ExternalEntityParserCreate`
is relying on its parent parser throughout its entire lifetime.
Prior to this fix, is was possible for the parent parser to be
garbage-collected too early.
(cherry picked from commit 6edb2ddb5f)
On some macOS versions there was an off-by-one error in wcsxfrm() which
caused writing past the end of the array if its size was not calculated
by running wcsxfrm() first.
(cherry picked from commit 5854cf38a2)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Co-authored-by: Ronald Oussoren <ronaldoussoren@mac.com>
(cherry picked from commit 64c876dd68)
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
The 'row' parameter represents a ROWID. Clarify this in docs and docstrings.
(cherry picked from commit 8eb106240f)
Co-authored-by: chiri <chirizxc@proton.me>
Handle ECANCELED in the same way as EINTR to work around the Posix
violation in the NetBSD's implementation.
(cherry picked from commit 07d0b95b05)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
This allows to support device numbers larger than 2**63-1.
(cherry picked from commit 43013f72f0)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
gh-138659: Typo in the gc module docstring (GH-138660)
docs(gc): fix typo in get_threshold() docstring
Removes a duplicate "the" from the docstring for the `gc.get_threshold()` function.
(cherry picked from commit c006a623e7)
Co-authored-by: Aalaap Dey <65075436+axdeyy@users.noreply.github.com>
fix comment reference from man 7 signal to man 7 signal-safety (GH-138554)
(cherry picked from commit 2f5ace780b)
docs: fix comment reference from man 7 signal to man 7 signal-safety
Co-authored-by: mqudah <mohghq@gmail.com>
[3.14] gh-116946: fully implement GC protocol for `_curses_panel.panel` (GH-138333)
This commit fixes possible reference loops via `panel.set_userptr`
by implementing `tp_clear` and `tp_traverse` for panel objects.
(cherry picked from commit 572df47840)
It should interpret the result of wcsxfrm() as a sequence of abstract
integers, not a sequence of Unicode code points or using other encoding
scheme that does not preserve ordering.
(cherry picked from commit 482fd0c811)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
The csv.register_dialect() docstring no longer imply that it returns a
dialect.
All functions have now signatures.
(cherry picked from commit aa1dbd4dde)
Co-authored-by: maurycy <5383+maurycy@users.noreply.github.com>
* [3.13] gh-87135: Hang non-main threads that attempt to acquire the GIL during finalization (GH-105805)
Instead of surprise crashes and memory corruption, we now hang threads that attempt to re-enter the Python interpreter after Python runtime finalization has started. These are typically daemon threads (our long standing mis-feature) but could also be threads spawned by extension modules that then try to call into Python. This marks the `PyThread_exit_thread` public C API as deprecated as there is no plausible safe way to accomplish that on any supported platform in the face of things like C++ code with finalizers anywhere on a thread's stack. Doing this was the least bad option.
(cherry picked from commit 8cc5aa47ee)
Co-authored-by: Jeremy Maitin-Shepard <jeremy@jeremyms.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
* state "3.13.7 and earlier"
* backport: do not add the deprecated marker
* fix Py_IsFinalizing doc ref
---------
Co-authored-by: Jeremy Maitin-Shepard <jeremy@jeremyms.com>
* Return large limit values as positive integers instead of negative integers
in resource.getrlimit().
* Accept large values and reject negative values (except RLIM_INFINITY)
for limits in resource.setrlimit().
(cherry picked from commit baefaa6cba)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
