gh-144833: Fix use-after-free in SSL module when SSL_new() fails (GH-144843)
In newPySSLSocket(), when SSL_new() returns NULL, Py_DECREF(self)
was called before _setSSLError(get_state_ctx(self), ...), causing
a use-after-free. Additionally, get_state_ctx() was called with
self (PySSLSocket*) instead of sslctx (PySSLContext*), which is
a type confusion bug.
Fix by calling _setSSLError() before Py_DECREF() and using
sslctx instead of self for get_state_ctx().
(cherry picked from commit c91638ca06)
Co-authored-by: Ramin Farajpour Cami <ramin.blackhat@gmail.com>
gh-144759: Fix undefined behavior from NULL pointer arithmetic in lexer (GH-144788)
Guard against NULL pointer arithmetic in `_PyLexer_remember_fstring_buffers`
and `_PyLexer_restore_fstring_buffers`. When `start` or `multi_line_start`
are NULL (uninitialized in tok_mode_stack[0]), performing `NULL - tok->buf`
is undefined behavior. Add explicit NULL checks to store -1 as sentinel
and restore NULL accordingly.
Add test_lexer_buffer_realloc_with_null_start to test_repl.py that
exercises the code path where the lexer buffer is reallocated while
tok_mode_stack[0] has NULL start/multi_line_start pointers. This
triggers _PyLexer_remember_fstring_buffers and verifies the NULL
checks prevent undefined behavior.
(cherry picked from commit e6110efd03)
Co-authored-by: Ramin Farajpour Cami <ramin.blackhat@gmail.com>
Lookup for CJK ideograms and Hangul syllables is now case-insensitive,
as is the case for other character names.
(cherry picked from commit e66f4a5a9c)
Co-authored-by: James <snoopjedi@gmail.com>
This was causing ucd_3_2_0.numeric() to pick up only decimal
changes between Unicode 3.2.0 and the current version.
(cherry picked from commit 3e0322ff16)
Co-authored-by: William Meehan <wmeehan@fb.com>
gh-143650: Fix importlib race condition on import failure (GH-143651)
Fix a race condition where a thread could receive a partially-initialized
module when another thread's import fails. The race occurs when:
1. Thread 1 starts importing, adds module to sys.modules
2. Thread 2 sees the module in sys.modules via the fast path
3. Thread 1's import fails, removes module from sys.modules
4. Thread 2 returns a stale module reference not in sys.modules
The fix adds verification after the "skip lock" optimization in both Python
and C code paths to check if the module is still in sys.modules. If the
module was removed (due to import failure), we retry the import so the
caller receives the actual exception from the import failure rather than
a stale module reference.
(cherry picked from commit ac8b5b6890)
Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
(cherry picked from commit d5cb9f6a9b)
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
Co-authored-by: Petr Viktorin <encukou@gmail.com>
Fix thread-safety issues when accessing frame attributes while another
thread is executing the frame:
- Add critical section to frame_repr() to prevent races when accessing
the frame's code object and line number
- Add _Py_NO_SANITIZE_THREAD to PyUnstable_InterpreterFrame_GetLasti()
to allow intentional racy reads of instr_ptr.
- Fix take_ownership() to not write to the original frame's f_executable
(cherry picked from commit 5bb3bbb9c6)
Co-authored-by: Sam Gross <colesbury@gmail.com>
* gh-140414: add fastpath for current running loop in `asyncio.all_tasks` (GH-140542)
Optimize `asyncio.all_tasks()` for the common case where the event loop is running in the current thread by avoiding stop-the-world pauses and locking.
This optimization is already present for `asyncio.current_task()` so we do the same for `asyncio.all_tasks()`.
(cherry picked from commit 95e5d59630)
Co-authored-by: Kumar Aditya <kumaraditya@python.org>
gh-142555: Fix null pointer dereference in array.__setitem__ via re-entrant __index__ (GH-142713)
(cherry picked from commit 39f16a93ef)
Co-authored-by: AN Long <aisk@users.noreply.github.com>
Modifies handling of `.gz` files in Android app payloads, and ensures that
when the Android testbed streams logs, stream flushes aren't treated as
newlines. This improves the output of test suites that use "one dot per test"
progress indicators.
(cherry picked from commit cb1dc91dcb)
Co-authored-by: Malcolm Smith <smith@chaquo.com>
gh-144194: Fix mmap failure check in perf_jit_trampoline.c (GH-143713)
mmap() returns MAP_FAILED ((void*)-1) on error, not NULL. The current
check never detects mmap failures, so jitdump initialization proceeds
even when the memory mapping fails.
(cherry picked from commit 8fe8a94a7c)
Co-authored-by: stratakis <cstratak@redhat.com>
gh-144100: Fix crash for POINTER(str) used in ctypes argtypes (GH-144108)
(cherry picked from commit 8f459255eb)
Co-authored-by: VanshAgarwal24036 <148854295+VanshAgarwal24036@users.noreply.github.com>
Co-authored-by: Victor Stinner <vstinner@python.org>
gh-144169: Fix three crashes in AST objects with non-str kwargs (GH-144178)
(cherry picked from commit 639c1ad4f1)
Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
Co-authored-by: Victor Stinner <vstinner@python.org>
gh-143513: Remove importlib.abc documentation for removed ABCs (GH-143605)
In 3.11 ResourceReader, Traversable, & TraversableResources moved from importlib.abc to importlib.resources.abc (commit e712a5b277).
In 3.12 old import locations were deprecated (commit 71848c9609).
In 3.14 backwards-compat support was removed (commit 0751511d24).
(cherry picked from commit f8262b84f5)
Co-authored-by: Alex Willmer <alex@moreati.org.uk>
Co-authored-by: Brett Cannon <brett@python.org>
[3.14] gh-144023: Prevent follow_symlinks from being allowed with an fd of 0 (GH-144022)
The check was (fd > 0), should be (fd >= 0).
(cherry picked from commit fa44efa0ef)
Co-authored-by: AZero13 <gfunni234@gmail.com>
gh-143874: Use self.message instead of raw print in `_exec_in_closure()` (GH-143875)
(cherry picked from commit e66597d6c8)
Co-authored-by: Yongtao Huang <yongtaoh2022@gmail.com>
gh-143774 - Improve IDLE Format Paragraph doc (GH-143775)
Add a reminder to not rewrap code line to the Menu => Format => Reformat Paragraph entry.
In Editing and Nagivagion, add a new 'Format block' subsection that defines 'paragraph'
to better match what is dependably handled as more or less expected.
In particular, specify equal indents and that the resulting indent equals original indent.
Also mention that selections are expanded to complete lines and how to modify max length.
(Also fix a couple case errors in cross references.)
(cherry picked from commit fa3abf5a51)
Co-authored-by: Terry Jan Reedy <tjreedy@udel.edu>
gh-143916: Reject control characters in wsgiref.headers.Headers (GH-143917)
* Add 'test.support' fixture for C0 control characters
* gh-143916: Reject control characters in wsgiref.headers.Headers
(cherry picked from commit f7fceed79c)
Co-authored-by: Seth Michael Larson <seth@python.org>
This allows to run Tkinter tests with the specified value of
tkinter.wantobjects, for example "-u wantobjects=0".
(cherry picked from commit 21ed1e2a94)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
gh-143880: Fix data race in `functools.partial` in free threading build
The assignment to `pto->vectorcall` isn't thread-safe in the free
threading build. Note that this is already fixed in the main branch.
gh-143602: Fix duplicate buffer exports in io.BytesIO.write (#143629)
Fix an inconsistency issue in io.BytesIO.write() where the buffer was exported
twice, which could lead to unexpected data overwrites and position drift when
the buffer changes between exports.
(cherry picked from commit c461aa99e2)
Co-authored-by: zhong <60600792+superboy-zjc@users.noreply.github.com>
This happens when the set contained several elements with the same hash,
and then some of them were removed.
(cherry picked from commit b8e925b4f8)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Writing out an object may involve a slot lookup, which is not safe to do with
an exception raised. In debug mode an assertion failure will occur if this
happens.
(cherry picked from commit ce8f5f98c6)
Co-authored-by: Duane Griffin <duaneg@dghda.com>
gh-143249: Fix buffer leak when overlapped operation fails to start on windows (GH-143250)
(cherry picked from commit 103a384bfd)
Co-authored-by: Yongtao Huang <yongtaoh2022@gmail.com>
gh-143706: Fix sys.argv not set during multiprocessing forkserver `__main__` preload (GH-143717)
The forkserver was not passing sys.argv to its main() function, causing
sys.argv to be empty during `__main__` module import in child processes. This
fixes a non-obvious regression inadvertently introduced by the gh-126631 main
preloading fix.
(cherry picked from commit 298d5440eb)
Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com>
The internal encoder object returned by undocumented function
json.encoder.c_make_encoder() (aka _json.make_encoder()) crashed
when it was called with non-zero second argument.
(cherry picked from commit c559135c93)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
