Hold strong references to borrowed items unconditionally (not only in
free-threading builds) in _encoder_iterate_mapping_lock_held and
_encoder_iterate_fast_seq_lock_held. User callbacks invoked during
encoding can mutate or clear the underlying container, invalidating
borrowed references.
The dict iteration path was already fixed by gh-145244.
Co-authored-by: Kumar Aditya <kumaraditya@python.org>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
* gh-146287: use signed type for HMAC digest size to prevent unsigned wrapping
Change _hashlib_hmac_digest_size() return type from unsigned int to int
so that a hypothetical negative return from EVP_MD_size() is not
silently wrapped to a large positive value. Add an explicit check for
negative digest_size in the legacy OpenSSL path, and use SystemError
(not ValueError) since these conditions indicate internal invariant
violations. Also add debug-build asserts to EVP_get_block_size and
EVP_get_digest_size documenting that the hash context is always
initialized.
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
In encoder_encode_key_value(), key is a borrowed reference from
PyDict_Next(). If the default callback mutates or clears the dict,
key becomes a dangling pointer. The error path then calls
_PyErr_FormatNote("%R", key) on freed memory.
Fix by holding strong references to key and value unconditionally
during encoding, not just in the free-threading build.
Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
When a custom iterator calls next() on the same csv.reader from
within __next__, the inner iteration sets self->fields to NULL.
The outer iteration then crashes in parse_save_field() by passing
NULL to PyList_Append.
Add a guard after PyIter_Next() to detect that fields was set to
NULL by a re-entrant call, and raise csv.Error instead of crashing.
Fix json serialization: no longer call str(obj) on str subclasses.
Replace PyUnicodeWriter_WriteStr() with PyUnicodeWriter_WriteASCII()
and private _PyUnicodeWriter_WriteStr().
There are newly documented restrictions on tp_traverse:
The traversal function must not have any side effects.
It must not modify the reference counts of any Python
objects nor create or destroy any Python objects.
* Add several functions that are guaranteed side-effect-free,
with a _DuringGC suffix.
* Use these in ctypes
* Consolidate tp_traverse docs in gcsupport.rst, moving unique
content from typeobj.rst there
Co-authored-by: Lysandros Nikolaou <lisandrosnik@gmail.com>
Co-authored-by: Victor Stinner <vstinner@python.org>
clearEntries() only freed the top currentProfilerContext but did not
walk the previous linked list. When clear() is called during active
profiling with nested calls, all contexts except the top one were
leaked. Fix by iterating the entire linked list, matching the existing
freelistProfilerContext cleanup pattern.
Co-authored-by: Victor Stinner <vstinner@python.org>
Add the padded parameter in functions related to Base32 and Base64 codecs
in the binascii and base64 modules. In the encoding functions it controls
whether the pad character can be added in the output, in the decoding
functions it controls whether padding is required in input.
Padding of input no longer required in base64.urlsafe_b64decode() by default.
The gc_stats struct contains ring buffers of gc_generation_stats
entries (11 young + 3×2 old on default builds). Embedding it inline
in _gc_runtime_state, which is itself inline in PyInterpreterState,
pushed fields like _gil.locked and threads.head to offsets beyond
what out-of-process profilers and debuggers can reasonably read in
a single buffer (e.g. offset 9384 for _gil.locked vs an 8 KiB read
buffer).
Heap-allocate generation_stats via PyMem_RawCalloc in _PyGC_Init and
free it in _PyGC_Fini. This shrinks PyInterpreterState by ~1.6 KiB
and keeps the GIL, thread-list, and other frequently-inspected fields
at stable, low offsets.
When Python is built in debug mode:
* long_alloc() now initializes digits with a pattern to detect usage of
uninitialized digits.
* _PyLong_CompactValue() now makes sure that the digit is zero when the
sign is zero.
* PyLongWriter_Finish() now raises SystemError if it detects uninitialized
digits
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Accepted range for the bytes_per_sep argument of bytes.hex(),
bytearray.hex(), memoryview.hex(), and binascii.b2a_hex()
is now increased, so passing sys.maxsize and -sys.maxsize is now
valid.
Add the wrapcol parameter to base64 functions b16encode(), b32encode(),
b32hexencode(), b85encode() and z85encode(), and binascii functions
b2a_base32() and b2a_base85().
Add the ignorechars parameter to base64 functions b16decode(), b32decode(),
b32hexdecode(), b85decode() and z85decode(), and binascii functions
a2b_hex(), unhexlify(), a2b_base32() and a2b_base85().
The long_from_string_base() might return a small integer, when the
_pylong.py is used to do conversion. Hence, we must be careful here to
not smash it "small int" bit by using the _PyLong_FlipSign().
Co-authored-by: Victor Stinner <vstinner@python.org>
