* Add the c_init_default attribute which is used to initialize the C variable
if the default is not explicitly provided.
* Add the c_default_init() method which is used to derive c_default from
default if c_default is not explicitly provided.
* Explicit c_default and py_default are now almost always have precedence
over the generated value.
* Add support for bytes literals as default values.
* Improve support for str literals as default values (support non-ASCII
and non-printable characters and special characters like backslash or quotes).
* Fix support for str and bytes literals containing trigraphs, "/*" and "*/".
* Improve support for default values in converters "char" and "int(accept={str})".
* Converter "int(accept={str})" now requires 1-character string instead of
integer as default value.
* Add support for non-None default values in converter "Py_buffer": NULL,
str and bytes literals.
* Improve error handling for invalid default values.
* Rename Null to NullType for consistency.
(cherry picked from commit 99e2c5eccd)
gh-145986: Avoid unbound C recursion in `conv_content_model` in `pyexpat.c` (CVE 2026-4224) (GH-145987)
Fix C stack overflow (CVE-2026-4224) when an Expat parser
with a registered `ElementDeclHandler` parses inline DTD
containing deeply nested content model.
---------
(cherry picked from commit eb0e8be3a7)
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
(cherry picked from commit 2d35f9bc1c)
Includes test fix-up from GH-145788
(cherry picked from commit aa4240ebea)
Co-authored-by: Thomas Kowalski <thom.kowa@gmail.com>
Co-authored-by: Matt Van Horn <mvanhorn@users.noreply.github.com>
Only set the format attribute after successful (re-)initialization.
(cherry picked from commit 3f33bf83e8)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
gh-145376: Fix crashes in `md5module.c` and `hmacmodule.c` (GH-145422)
Fix a possible NULL pointer dereference in `md5module.c` and a double-free in `hmacmodule.c`.
Those crashes only occur in error paths taken when the interpreter fails to allocate memory.
(cherry picked from commit c1d7768321)
Co-authored-by: Pieter Eendebak <pieter.eendebak@gmail.com>
gh-145335: Fix crash when passing -1 as fd in os.pathconf (GH-145390)
(cherry picked from commit 5c3a47b94a)
Co-authored-by: AN Long <aisk@users.noreply.github.com>
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
`_struct.c`: Fix UB from integer overflow in `prepare_s` (GH-145158)
Avoid possible undefined behaviour from signed overflow in `struct` module
As discovered via oss-fuzz.
(cherry picked from commit fd0400585e)
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
Fix an issue where passing invalid arguments to `os.posix_spawn[p]` functions
raised a SystemError instead of a TypeError, and allow to explicitly use `None`
for `scheduler` and `setpgroup` as specified in the docs.
(cherry picked from commit 347fc438cf)
gh-144601: Avoid sharing exception objects raised in a `PyInit` function across multiple interpreters (GH-144602)
(cherry picked from commit fd6b639a49)
Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
gh-144833: Fix use-after-free in SSL module when SSL_new() fails (GH-144843)
In newPySSLSocket(), when SSL_new() returns NULL, Py_DECREF(self)
was called before _setSSLError(get_state_ctx(self), ...), causing
a use-after-free. Additionally, get_state_ctx() was called with
self (PySSLSocket*) instead of sslctx (PySSLContext*), which is
a type confusion bug.
Fix by calling _setSSLError() before Py_DECREF() and using
sslctx instead of self for get_state_ctx().
(cherry picked from commit c91638ca06)
Co-authored-by: Ramin Farajpour Cami <ramin.blackhat@gmail.com>
[3.14] gh-144551: Update CI to use latest OpenSSL versions
Also update _ssl_data_35.h to include an added symbol from 3.5.5.
(cherry picked from commit b933ef9261)
Lookup for CJK ideograms and Hangul syllables is now case-insensitive,
as is the case for other character names.
(cherry picked from commit e66f4a5a9c)
Co-authored-by: James <snoopjedi@gmail.com>
This was causing ucd_3_2_0.numeric() to pick up only decimal
changes between Unicode 3.2.0 and the current version.
(cherry picked from commit 3e0322ff16)
Co-authored-by: William Meehan <wmeehan@fb.com>
gh-144629: Add test for the PyFunction_GetAnnotations() function (GH-144630)
(cherry picked from commit cc81707e40)
Co-authored-by: Nybblista <170842536+nybblista@users.noreply.github.com>
(cherry picked from commit d5cb9f6a9b)
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Co-authored-by: Petr Viktorin <encukou@gmail.com>
* gh-140414: add fastpath for current running loop in `asyncio.all_tasks` (GH-140542)
Optimize `asyncio.all_tasks()` for the common case where the event loop is running in the current thread by avoiding stop-the-world pauses and locking.
This optimization is already present for `asyncio.current_task()` so we do the same for `asyncio.all_tasks()`.
(cherry picked from commit 95e5d59630)
Co-authored-by: Kumar Aditya <kumaraditya@python.org>
gh-142555: Fix null pointer dereference in array.__setitem__ via re-entrant __index__ (GH-142713)
(cherry picked from commit 39f16a93ef)
Co-authored-by: AN Long <aisk@users.noreply.github.com>
gh-144100: Fix crash for POINTER(str) used in ctypes argtypes (GH-144108)
(cherry picked from commit 8f459255eb)
Co-authored-by: VanshAgarwal24036 <148854295+VanshAgarwal24036@users.noreply.github.com>
Co-authored-by: Victor Stinner <vstinner@python.org>
[3.14] gh-144023: Prevent follow_symlinks from being allowed with an fd of 0 (GH-144022)
The check was (fd > 0), should be (fd >= 0).
(cherry picked from commit fa44efa0ef)
Co-authored-by: AZero13 <gfunni234@gmail.com>
Update struct.__doc__: _Bool available unconditionally (GH-143716)
This amends commit a9296e7f3b.
(cherry picked from commit 31c81ab0a2)
Co-authored-by: Sergey B Kirpichev <skirpichev@gmail.com>
gh-143674: Document F/D complex format characters in struct module (GH-143675)
Add documentation for the F (complex from two floats) and D (complex
from two doubles) format characters in the struct module docstring.
These format characters were implemented but not documented.
(cherry picked from commit 3e93225798)
Co-authored-by: Muneeb Ullah <moneebullah25@gmail.com>
Co-authored-by: Sergey B Kirpichev <skirpichev@gmail.com>
gh-143880: Fix data race in `functools.partial` in free threading build
The assignment to `pto->vectorcall` isn't thread-safe in the free
threading build. Note that this is already fixed in the main branch.
gh-143249: Fix buffer leak when overlapped operation fails to start on windows (GH-143250)
(cherry picked from commit 103a384bfd)
Co-authored-by: Yongtao Huang <yongtaoh2022@gmail.com>
The internal encoder object returned by undocumented function
json.encoder.c_make_encoder() (aka _json.make_encoder()) crashed
when it was called with non-zero second argument.
(cherry picked from commit c559135c93)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
gh-143544: Fix possible use-after-free in the JSON decoder when JSONDecodeError disappears during raising it (GH-143561)
(cherry picked from commit c315748060)
Co-authored-by: VanshAgarwal24036 <148854295+VanshAgarwal24036@users.noreply.github.com>
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
