* gh-145376: Fix crashes in md5module.c
Fix a possible NULL pointer dereference in `md5module.c`.
This can only occur in error paths taken when the interpreter fails to allocate memory.
(cherry-picked from c1d7768321)
* 📜🤖 Added by blurb_it.
* Update Modules/md5module.c
---------
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
gh-145335: Fix crash when passing -1 as fd in os.pathconf (GH-145390)
(cherry picked from commit 5c3a47b94a)
Co-authored-by: AN Long <aisk@users.noreply.github.com>
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
`_struct.c`: Fix UB from integer overflow in `prepare_s` (GH-145158)
Avoid possible undefined behaviour from signed overflow in `struct` module
As discovered via oss-fuzz.
(cherry picked from commit fd0400585e)
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
* [3.13] gh-143698: correctly check `scheduler` and `setpgroup` values for `os.posix_spawn[p]` (GH-143699)
Fix an issue where passing invalid arguments to `os.posix_spawn[p]` functions
raised a SystemError instead of a TypeError, and allow to explicitly use `None`
for `scheduler` and `setpgroup` as specified in the docs.
(cherry picked from commit 347fc438cf)
(cherry picked from commit 8b7b5a9946)
(cherry picked from commit bcabbd02f6)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Co-authored-by: Pierre Le Marre <dev@wismill.eu>
gh-144833: Fix use-after-free in SSL module when SSL_new() fails (GH-144843)
In newPySSLSocket(), when SSL_new() returns NULL, Py_DECREF(self)
was called before _setSSLError(get_state_ctx(self), ...), causing
a use-after-free. Additionally, get_state_ctx() was called with
self (PySSLSocket*) instead of sslctx (PySSLContext*), which is
a type confusion bug.
Fix by calling _setSSLError() before Py_DECREF() and using
sslctx instead of self for get_state_ctx().
(cherry picked from commit c91638ca06)
Co-authored-by: Ramin Farajpour Cami <ramin.blackhat@gmail.com>
Lookup for CJK ideograms and Hangul syllables is now case-insensitive,
as is the case for other character names.
(cherry picked from commit e66f4a5a9c)
Co-authored-by: James <snoopjedi@gmail.com>
This was causing ucd_3_2_0.numeric() to pick up only decimal
changes between Unicode 3.2.0 and the current version.
(cherry picked from commit 3e0322ff16)
Co-authored-by: William Meehan <wmeehan@fb.com>
(cherry picked from commit d5cb9f6a9b)
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
- generate_sbom.py: Exclude the refresh script from SBOM
- Modules/expat/refresh.sh: Expand the list of manual steps
(cherry picked from commit 51d309988b)
gh-142555: Fix null pointer dereference in array.__setitem__ via re-entrant __index__ (GH-142713)
(cherry picked from commit 39f16a93ef)
Co-authored-by: AN Long <aisk@users.noreply.github.com>
gh-144100: Fix crash for POINTER(str) used in ctypes argtypes (#144108)
(cherry picked from commit 8f459255eb)
Co-authored-by: VanshAgarwal24036 <148854295+VanshAgarwal24036@users.noreply.github.com>
[3.13] gh-144023: Prevent follow_symlinks from being allowed with an fd of 0 (GH-144022)
The check was (fd > 0), should be (fd >= 0).
(cherry picked from commit fa44efa0ef)
Co-authored-by: AZero13 <gfunni234@gmail.com>
Update struct.__doc__: _Bool available unconditionally (GH-143716)
This amends commit a9296e7f3b.
(cherry picked from commit 31c81ab0a2)
Co-authored-by: Sergey B Kirpichev <skirpichev@gmail.com>
gh-143249: Fix buffer leak when overlapped operation fails to start on windows (GH-143250)
(cherry picked from commit 103a384bfd)
Co-authored-by: Yongtao Huang <yongtaoh2022@gmail.com>
PyObject_GetBuffer() can execute user code (e.g. via __buffer__), which may
close or otherwise mutate a BytesIO object while write() or writelines()
is in progress. This could invalidate the internal buffer and lead to a
use-after-free.
Ensure that PyObject_GetBuffer() is called before validation checks.
(cherry picked from commit 6d54b6ac7d)
Co-authored-by: zhong <60600792+superboy-zjc@users.noreply.github.com>
Previously, this could cause crash or data corruption, now concurrent calls
of methods of the same object raise RuntimeError.
(cherry picked from commit d1282efb2b)
[3.13] gh-143309: fix UAF in `os.execve` when the environment is concurrently mutated (GH-143314) (#143431)
(cherry picked from commit 9609574e7f)
(cherry picked from commit c99f766743)
The result tuple was leaked if __ctypes_from_outparam__() failed for any item.
(cherry picked from commit 579c5b496b)
Signed-off-by: Yongtao Huang <yongtaoh2022@gmail.com>
Co-authored-by: Yongtao Huang <yongtaoh2022@gmail.com>
This happened when the Counter was mutated when incrementing
the value for an existing key.
(cherry picked from commit 86d904588e)
Co-authored-by: kaushal trivedi <155625932+Kaushalt2004@users.noreply.github.com>
gh-122431: Correct the non-negative error message in `readline.append_history_file` (GH-143075)
"positive" -> "non-negative", since zero is included.
(cherry picked from commit a273bc99d2)
Co-authored-by: Zheng Yu <dataisland@outlook.com>
gh-143012: use `Py_ssize_t` cast for `PyBytes_FromStringAndSize` (GH-143013)
(cherry picked from commit 5989095dfd)
Co-authored-by: AZero13 <gfunni234@gmail.com>
