Replace hardcoded 5 seconds with support.SHORT_TIMEOUT.
Fix the following error on slow CI such as GitHub Action UBSan:
test test_pyrepl failed -- Traceback (most recent call last):
File "Lib/test/test_pyrepl/test_unix_console.py", line 362, in test_repl_eio
_, err = proc.communicate(timeout=5) # sleep for pty to settle
~~~~~~~~~~~~~~~~^^^^^^^^^^^
File "Lib/subprocess.py", line 1219, in communicate
stdout, stderr = self._communicate(input, endtime, timeout)
~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^
File "Lib/subprocess.py", line 2126, in _communicate
self._check_timeout(endtime, orig_timeout, stdout, stderr)
~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "Lib/subprocess.py", line 1266, in _check_timeout
raise TimeoutExpired(
...<2 lines>...
stderr=b''.join(stderr_seq) if stderr_seq else None)
subprocess.TimeoutExpired: Command '[...]' timed out after 5 seconds
The last remaining set of tests to split out that are focused on one
specific implementation portion (`bufferedio.c`).
test_io.test_general is now largely tests around `io.open` and module
properties (ex. pickling, class hierarchy, module members, etc).
This closes#138013.
gh-138013: Split TextIO tests from test_general
These tests take 1.3 seconds on my dev machine, match fairly closely
with testing `textio.c` implementation only.
* gh-139116: tracemalloc: Detach thread state when acquiring tables_lock
This prevents a deadlock when:
- One thread is in `_PyTraceMalloc_Stop`, with `TABLES_LOCK` held, calling
`PyRefTracer_SetTracer` which wants to stop the world
- Another is thread in `PyTraceMalloc_Track`, just attached thread state, waiting
for `TABLES_LOCK`
Detaching the thread state while waiting for `TABLES_LOCK` allows
`PyRefTracer_SetTracer` to stop the world.
Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
Passing a negative or zero size to `cursor.fetchmany()` made it fetch all rows
instead of none.
While this could be considered a security vulnerability, it was decided to treat
this issue as a regular bug as passing a non-sanitized *size* value in the first
place is not recommended.
Adds a PrivacyInfo.xcprivacy file when packaging `_hashlib` and `_ssl` modules
for iOS (based on the original OpenSSL sources); and adds handling to the build
script to allow any app to add `xcprivacy` handling for a binary module.
Expose the XML Expat 2.7.2 APIs to tune protections against
"billion laughs" [1] attacks.
The exposed APIs are available on Expat parsers, that is,
parsers created by `xml.parsers.expat.ParserCreate()`, as:
- `parser.SetBillionLaughsAttackProtectionActivationThreshold(threshold)`, and
- `parser.SetBillionLaughsAttackProtectionMaximumAmplification(max_factor)`.
This completes the work in f04bea44c3,
and improves the existing related documentation.
[1]: https://en.wikipedia.org/wiki/Billion_laughs_attack
* Remove generator type check in raise_SIGINT_then_send_None
In the Cinder JIT we use a different type for generators, which breaks
the test which uses this function.
In general I believe the intent with generators is they have the right
structure rather than type, so a failure to find the 'send()' method is arguably
more correct if the wrong object is used.
* Also stop using PyGenObject type
Expose the XML Expat 2.7.2 mitigation APIs to disallow use of
disproportional amounts of dynamic memory from within an Expat
parser (see CVE-2025-59375 for instance).
The exposed APIs are available on Expat parsers, that is,
parsers created by `xml.parsers.expat.ParserCreate()`, as:
- `parser.SetAllocTrackerActivationThreshold(threshold)`, and
- `parser.SetAllocTrackerMaximumAmplification(max_factor)`.
