gh-143050: Correct PyLong_FromString() to use _PyLong_Negate() (GH-145901)
The long_from_string_base() might return a small integer, when the
_pylong.py is used to do conversion. Hence, we must be careful here to
not smash it "small int" bit by using the _PyLong_FlipSign().
(cherry picked from commit db5936c5b8)
Co-authored-by: Sergey B Kirpichev <skirpichev@gmail.com>
Co-authored-by: Victor Stinner <vstinner@python.org>
The TypeError in _zstd_set_d_parameters incorrectly referred to
compression options; say decompression options instead.
(cherry picked from commit 4d0e8ee649)
Co-authored-by: cui <cuiweixie@gmail.com>
gh-146480: Override the exception in _PyErr_SetKeyError() (GH-146486)
If _PyErr_SetKeyError() is called with an exception set, it now
replaces the current exception with KeyError (as expected), instead
of setting a SystemError or failing with a fatal error (in debug
mode).
(cherry picked from commit d4153a9f76)
Co-authored-by: Victor Stinner <vstinner@python.org>
Use uniform standard signature syntax in the tutorial and in
the array and collections modules documentation.
(cherry picked from commit 17070f41d4)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
gh-146059: Call fast_save_leave() in pickle save_frozenset() (GH-146173)
Add more pickle tests: test also nested structures.
(cherry picked from commit 5c0dcb3e0d)
Co-authored-by: Victor Stinner <vstinner@python.org>
gh-145633: Fix struct.pack('f') on s390x (GH-146422)
Use PyFloat_Pack4() to raise OverflowError.
Add more tests on packing/unpacking floats.
(cherry picked from commit 8de70b31c5)
Co-authored-by: Victor Stinner <vstinner@python.org>
Co-authored-by: Sergey B Kirpichev <skirpichev@gmail.com>
Base64 decoder (see binascii.a2b_base64(), base64.b64decode(), etc)
no longer ignores excess data after the first padded quad in non-strict
(default) mode. Instead, in conformance with RFC 4648, it ignores the
pad character, "=", if it is present before the end of the encoded data.
(cherry picked from commit 4561f6418a)
gh-146092: Raise MemoryError on allocation failure in _zoneinfo (GH-146165)
(cherry picked from commit 6450b1d142)
Co-authored-by: Victor Stinner <vstinner@python.org>
Add tests for corner cases: NULL pointers and out of range values.
(cherry picked from commit ab47892c32)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
gh-146093: Fix csv _set_str(): check if PyUnicode_DecodeASCII() failed (GH-146113)
The function can fail on a memory allocation failure.
Bug reported by devdanzin.
(cherry picked from commit 724c7c8146)
Co-authored-by: Victor Stinner <vstinner@python.org>
* Add the c_init_default attribute which is used to initialize the C variable
if the default is not explicitly provided.
* Add the c_default_init() method which is used to derive c_default from
default if c_default is not explicitly provided.
* Explicit c_default and py_default are now almost always have precedence
over the generated value.
* Add support for bytes literals as default values.
* Improve support for str literals as default values (support non-ASCII
and non-printable characters and special characters like backslash or quotes).
* Fix support for str and bytes literals containing trigraphs, "/*" and "*/".
* Improve support for default values in converters "char" and "int(accept={str})".
* Converter "int(accept={str})" now requires 1-character string instead of
integer as default value.
* Add support for non-None default values in converter "Py_buffer": NULL,
str and bytes literals.
* Improve error handling for invalid default values.
* Rename Null to NullType for consistency.
(cherry picked from commit 99e2c5eccd)
gh-145986: Avoid unbound C recursion in `conv_content_model` in `pyexpat.c` (CVE 2026-4224) (GH-145987)
Fix C stack overflow (CVE-2026-4224) when an Expat parser
with a registered `ElementDeclHandler` parses inline DTD
containing deeply nested content model.
---------
(cherry picked from commit eb0e8be3a7)
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
(cherry picked from commit 2d35f9bc1c)
Includes test fix-up from GH-145788
(cherry picked from commit aa4240ebea)
Co-authored-by: Thomas Kowalski <thom.kowa@gmail.com>
Co-authored-by: Matt Van Horn <mvanhorn@users.noreply.github.com>
Only set the format attribute after successful (re-)initialization.
(cherry picked from commit 3f33bf83e8)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
gh-145376: Fix crashes in `md5module.c` and `hmacmodule.c` (GH-145422)
Fix a possible NULL pointer dereference in `md5module.c` and a double-free in `hmacmodule.c`.
Those crashes only occur in error paths taken when the interpreter fails to allocate memory.
(cherry picked from commit c1d7768321)
Co-authored-by: Pieter Eendebak <pieter.eendebak@gmail.com>
gh-145335: Fix crash when passing -1 as fd in os.pathconf (GH-145390)
(cherry picked from commit 5c3a47b94a)
Co-authored-by: AN Long <aisk@users.noreply.github.com>
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
`_struct.c`: Fix UB from integer overflow in `prepare_s` (GH-145158)
Avoid possible undefined behaviour from signed overflow in `struct` module
As discovered via oss-fuzz.
(cherry picked from commit fd0400585e)
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
Fix an issue where passing invalid arguments to `os.posix_spawn[p]` functions
raised a SystemError instead of a TypeError, and allow to explicitly use `None`
for `scheduler` and `setpgroup` as specified in the docs.
(cherry picked from commit 347fc438cf)
gh-144601: Avoid sharing exception objects raised in a `PyInit` function across multiple interpreters (GH-144602)
(cherry picked from commit fd6b639a49)
Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
