Writing out an object may involve a slot lookup, which is not safe to do with
an exception raised. In debug mode an assertion failure will occur if this
happens.
(cherry picked from commit ce8f5f98c6)
Co-authored-by: Duane Griffin <duaneg@dghda.com>
The forkserver was not passing sys.argv to its main() function, causing
sys.argv to be empty during `__main__` module import in child processes. This
fixes a non-obvious regression inadvertently introduced by the gh-126631 main
preloading fix.
(cherry picked from commit 298d5440eb)
gh-143249: Fix buffer leak when overlapped operation fails to start on windows (GH-143250)
(cherry picked from commit 103a384bfd)
Co-authored-by: Yongtao Huang <yongtaoh2022@gmail.com>
It was incorrect in case of mixed tabs and spaces in indentation.
(cherry picked from commit 5f28aa2f37)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
PyObject_GetBuffer() can execute user code (e.g. via __buffer__), which may
close or otherwise mutate a BytesIO object while write() or writelines()
is in progress. This could invalidate the internal buffer and lead to a
use-after-free.
Ensure that PyObject_GetBuffer() is called before validation checks.
(cherry picked from commit 6d54b6ac7d)
Co-authored-by: zhong <60600792+superboy-zjc@users.noreply.github.com>
Previously, this could cause crash or data corruption, now concurrent calls
of methods of the same object raise RuntimeError.
(cherry picked from commit d1282efb2b)
When comparing negative non-integer float and int with the same number
of bits in the integer part, __neg__() in the int subclass returning
not an int caused an assertion error.
Now the integer is no longer negated. Also, reduced the number of
temporary created Python objects.
(cherry picked from commit 66bca383bd)
[3.14] gh-143547: Fix PyErr_FormatUnraisable() fallback (GH-143557) (GH-143603)
gh-143547: Fix PyErr_FormatUnraisable() fallback (GH-143557)
Hold a strong reference to 'hook' while calling the default
unraisable took to log hook failure.
(cherry picked from commit 1d0baf1ae4)
(cherry picked from commit 39a2bcf949)
Co-authored-by: Victor Stinner <vstinner@python.org>
In optimized and `-Og` builds, arguments and local variables are frequently
unavailable in gdb. This makes `py-bt` fail to print anything useful. Use the
`PyThreadState*` pointers `_Py_tss_gilstate` and `Py_tss_tstate` to find the
interpreter frame if we can't get the frame from the
`_PyEval_EvalFrameDefault` call.
(cherry picked from commit 49c3b0a67a)
Co-authored-by: Victor Stinner <vstinner@python.org>
For example, "-u xpickle=2.7" will run test_xpickle only against Python 2.7.
(cherry picked from commit c07e5ec0a9)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Move data classes used in tests to separate file test_picklecommon.py,
so it can be imported in old Python versions.
(cherry picked from commit 8735daf3e8)
(cherry picked from commit ff0a8b7289)
Co-authored-by: Ken Jin <kenjin@python.org>
When __length_hint__() returns 0 for non-empty iterator, the data can be
written past the shared 0-terminated buffer, corrupting it.
(cherry picked from commit 522563549a)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
[3.13] gh-143309: fix UAF in `os.execve` when the environment is concurrently mutated (GH-143314) (#143431)
(cherry picked from commit 9609574e7f)
(cherry picked from commit c99f766743)
gh-140648: Make asyncio REPL respect the `-I` flag (isolated mode) (GH-143045)
(cherry picked from commit e7c542de5f)
Co-authored-by: Bartosz Sławecki <bartosz@ilikepython.com>
gh-143200: fix UAFs in `Element.__{set,get}item__` when the element is concurrently mutated (GH-143226)
(cherry picked from commit b6b0e14b3d)
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
gh-142195: Fixed Popen.communicate indefinite loops (GH-143203)
Changed condition to evaluate if timeout is less than or equals to 0. This is needed for simulated time environments such as Shadow where the time will match exactly on the boundary.
---------
(cherry picked from commit fa9a4254e8)
Co-authored-by: Prithviraj Chaudhuri <p.chaudhuri1993@gmail.com>
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
The result tuple was leaked if __ctypes_from_outparam__() failed for any item.
(cherry picked from commit 579c5b496b)
Signed-off-by: Yongtao Huang <yongtaoh2022@gmail.com>
Co-authored-by: Yongtao Huang <yongtaoh2022@gmail.com>
This happened when the Counter was mutated when incrementing
the value for an existing key.
(cherry picked from commit 86d904588e)
Co-authored-by: kaushal trivedi <155625932+Kaushalt2004@users.noreply.github.com>
The unknown-8bit trick was designed to deal with unknown bytes in an
ASCII message, and it works fine for that. However, I also tried to
extend it to handle bytes that can't be decoded using the charset
specified in an encoded word, and there it fails because there can be
other non-ASCII characters that were *successfully* decoded. The fix is
simple: do the unknown-8bit encoding using the utf-8 codec. This is
especially appropriate since anyone trying to do recovery on an unknown
byte string will probably attempt utf-8 first.
(cherry picked from commit 1e17ccd030)
Co-authored-by: R. David Murray <rdmurray@bitdance.com>
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
gh-109263: Start process from spawn context in multiprocessing no longer have side effect (GH-135813)
(cherry picked from commit c2202a7e66)
Co-authored-by: AN Long <aisk@users.noreply.github.com>
gh-122431: Correct the non-negative error message in `readline.append_history_file` (GH-143075)
"positive" -> "non-negative", since zero is included.
(cherry picked from commit a273bc99d2)
Co-authored-by: Zheng Yu <dataisland@outlook.com>
gh-143010: Prevent a TOCTOU issue by only calling open once (GH-143011)
RDM: per AZero13's research the 'x' option did not exist when this code was written, This
modernization can thus drop the fd trick in _create_carefully and just use open with 'x' to achieve the same goal more securely.
(cherry picked from commit a88d1b8dab)
Co-authored-by: AZero13 <gfunni234@gmail.com>
Co-authored-by: sobolevn <mail@sobolevn.me>
gh-143046: Make asyncio REPL respect the `-q` flag (quiet mode) (GH-143047)
(cherry picked from commit 6213a512bf)
Co-authored-by: Bartosz Sławecki <bartosz@ilikepython.com>
gh-79986: Add parsing for References/In-Reply-To email headers (GH-137201)
This is a followup to 46d88a1131 (GH-13397),
which added parsing for Message-ID. Similar handling is needed for the
other two identification headers.
(cherry picked from commit 79aa43a979)
Co-authored-by: elenril <anton@khirnov.net>
gh-142754: Ensure that Element & Attr instances have the ownerDocument attribute (GH-142794)
(cherry picked from commit 1cc7551b3f)
Co-authored-by: Petr Viktorin <encukou@gmail.com>
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
