[3.13] gh-144023: Prevent follow_symlinks from being allowed with an fd of 0 (GH-144022)
The check was (fd > 0), should be (fd >= 0).
(cherry picked from commit fa44efa0ef)
Co-authored-by: AZero13 <gfunni234@gmail.com>
gh-143916: Reject control characters in wsgiref.headers.Headers (GH-143917)
* Add 'test.support' fixture for C0 control characters
* gh-143916: Reject control characters in wsgiref.headers.Headers
(cherry picked from commit f7fceed79c)
Co-authored-by: Seth Michael Larson <seth@python.org>
This allows running Tkinter tests with the specified value of
tkinter.wantobjects, for example "-u wantobjects=0".
(cherry picked from commit 21ed1e2a94)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
[3.14] gh-143602: Fix duplicate buffer exports in io.BytesIO.write (#143629) (#143872)
gh-143602: Fix duplicate buffer exports in io.BytesIO.write (#143629)
Fix an inconsistency issue in io.BytesIO.write() where the buffer was exported
twice, which could lead to unexpected data overwrites and position drift when
the buffer changes between exports.
(cherry picked from commit c461aa99e2)
(cherry picked from commit 1241432150)
Co-authored-by: zhong <60600792+superboy-zjc@users.noreply.github.com>
Add tests for negative offset, out of bound offset, invalid type of offset,
non-writeable buffer, non-continuous buffer, invalid type of buffer.
Repeat all tests for struct.Struct.pack_into().
(cherry picked from commit 66680f1230)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Writing out an object may involve a slot lookup, which is not safe to do with
an exception raised. In debug mode an assertion failure will occur if this
happens.
(cherry picked from commit ce8f5f98c6)
Co-authored-by: Duane Griffin <duaneg@dghda.com>
The forkserver was not passing sys.argv to its main() function, causing
sys.argv to be empty during `__main__` module import in child processes. This
fixes a non-obvious regression inadvertently introduced by the gh-126631 main
preloading fix.
(cherry picked from commit 298d5440eb)
gh-143249: Fix buffer leak when overlapped operation fails to start on windows (GH-143250)
(cherry picked from commit 103a384bfd)
Co-authored-by: Yongtao Huang <yongtaoh2022@gmail.com>
It was incorrect in case of mixed tabs and spaces in indentation.
(cherry picked from commit 5f28aa2f37)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
PyObject_GetBuffer() can execute user code (e.g. via __buffer__), which may
close or otherwise mutate a BytesIO object while write() or writelines()
is in progress. This could invalidate the internal buffer and lead to a
use-after-free.
Ensure that PyObject_GetBuffer() is called before validation checks.
(cherry picked from commit 6d54b6ac7d)
Co-authored-by: zhong <60600792+superboy-zjc@users.noreply.github.com>
These tests relied on a bug -- gh-84644, which is that singledispatch
doesn't verify the annotation is on the "first" parameter.
(cherry picked from commit 620a5b9269)
Co-authored-by: Bartosz Sławecki <bartosz@ilikepython.com>
Previously, this could cause a crash or data corruption; now concurrent calls
of methods of the same object raise RuntimeError.
(cherry picked from commit d1282efb2b)
gh-143641: Make `ready_to_import` always remove tempdir from `sys.path` (GH-143642)
Make ready_to_import always remove tempdir from sys.path
(cherry picked from commit e7f5ffa0de)
Co-authored-by: Jeong, YunWon <69878+youknowone@users.noreply.github.com>
When comparing a negative non-integer float and an int with the same number
of bits in the integer part, __neg__() in the int subclass returning
a non-int caused an assertion error.
Now the integer is no longer negated. Also, reduced the number of
temporarily created Python objects.
(cherry picked from commit 66bca383bd)
[3.14] gh-143547: Fix PyErr_FormatUnraisable() fallback (GH-143557) (GH-143603)
gh-143547: Fix PyErr_FormatUnraisable() fallback (GH-143557)
Hold a strong reference to 'hook' while calling the default
unraisable hook to log hook failure.
(cherry picked from commit 1d0baf1ae4)
(cherry picked from commit 39a2bcf949)
Co-authored-by: Victor Stinner <vstinner@python.org>
For example, "-u xpickle=2.7" will run test_xpickle only against Python 2.7.
(cherry picked from commit c07e5ec0a9)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
gh-143528: Fix test_time.test_thread_time() (GH-143558)
Tolerate 100 ms instead of 20 ms to support slow CIs.
(cherry picked from commit efaa56f73c)
Co-authored-by: Victor Stinner <vstinner@python.org>
Move data classes used in tests to separate file test_picklecommon.py,
so it can be imported in old Python versions.
(cherry picked from commit 8735daf3e8)
(cherry picked from commit ff0a8b7289)
Co-authored-by: Ken Jin <kenjin@python.org>
When __length_hint__() returns 0 for a non-empty iterator, the data can be
written past the shared 0-terminated buffer, corrupting it.
(cherry picked from commit 522563549a)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
[3.13] gh-143309: fix UAF in `os.execve` when the environment is concurrently mutated (GH-143314) (#143431)
(cherry picked from commit 9609574e7f)
(cherry picked from commit c99f766743)
gh-140648: Make asyncio REPL respect the `-I` flag (isolated mode) (GH-143045)
(cherry picked from commit e7c542de5f)
Co-authored-by: Bartosz Sławecki <bartosz@ilikepython.com>
gh-143200: fix UAFs in `Element.__{set,get}item__` when the element is concurrently mutated (GH-143226)
(cherry picked from commit b6b0e14b3d)
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>