It no longer emits text for comments and processing instructions.
(cherry picked from commit 7de4fcd445)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
gh-142831: Fix use-after-free in json encoder during re-entrant mutation (gh-142851)
User callbacks invoked during JSON encoding (e.g. the `default` callback or
a custom string encoder) can mutate or clear the dict or sequence being
encoded, invalidating borrowed references to items, keys, and values. Hold
strong references unconditionally while iterating.
(cherry picked from commit 235fa7244a)
Co-authored-by: Kumar Aditya <kumaraditya@python.org>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
`faulthandler_traverse` visits Python objects owned by `_PyRuntime`, not
by the module instance. With multi-phase init allowing multiple module
instances, each instance's GC traversal decrements `gc_refs` on the same
runtime-owned objects, driving it negative when two instances are
collected simultaneously.
(cherry picked from commit 56737483c2)
gh-149707: Fix compiler warning in _ctypes_test on strchr() (#149791)
Change my_strchr() return type to "const char*" (add "const").
Fix the compiler warning:
Modules/_ctypes/_ctypes_test.c: In function 'my_strchr':
Modules/_ctypes/_ctypes_test.c:451:12: warning: return discards
'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
451 | return strchr(s, c);
| ^~~~~~
When using C23, strchr(text, ch) return type is "const char*" if text
type is "const char*".
(cherry picked from commit 5465b69255)
Instead of reading past the end of the empty buffer.
(cherry picked from commit 0c6d2f64c0)
Co-authored-by: Maurycy Pawłowski-Wieroński <maurycy@maurycy.com>
* Document that 's' and 'p' accept bytes and bytearray.
* Fix some footnotes.
* Clarify that "string" is a byte string.
* Fix the module docstring.
(cherry picked from commit 3e5a3cb2bd)
gh-148395: Fix a possible UAF in `{LZMA,BZ2,_Zlib}Decompressor` (GH-148396)
Fix dangling input pointer after `MemoryError` in _lzma/_bz2/_ZlibDecompressor.decompress
(cherry picked from commit 8fc66aef6d)
Co-authored-by: Stan Ulbrych <stan@python.org>
gh-145105: Fix crash in csv.reader with re-entrant iterator (GH-145106)
When a custom iterator calls next() on the same csv.reader from
within __next__, the inner iteration sets self->fields to NULL.
The outer iteration then crashes in parse_save_field() by passing
NULL to PyList_Append.
Add a guard after PyIter_Next() to detect that fields was set to
NULL by a re-entrant call, and raise csv.Error instead of crashing.
(cherry picked from commit 20994b1809)
Co-authored-by: Ramin Farajpour Cami <ramin.blackhat@gmail.com>
The long_from_string_base() might return a small integer, when the
_pylong.py is used to do conversion. Hence, we must be careful here to
not smash it "small int" bit by using the _PyLong_FlipSign().
Co-authored-by: Victor Stinner <vstinner@python.org>
(cherry picked from commit db5936c5b8)
Co-authored-by: Sergey B Kirpichev <skirpichev@gmail.com>
gh-146059: Call fast_save_leave() in pickle save_frozenset() (GH-146173)
Add more pickle tests: test also nested structures.
(cherry picked from commit 5c0dcb3e0d)
Co-authored-by: Victor Stinner <vstinner@python.org>
Use uniform standard signature syntax in the tutorial and in
the array and collections modules documentation.
(cherry picked from commit 17070f41d4)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
gh-145633: Fix struct.pack('f') on s390x (#146422)
Use PyFloat_Pack4() to raise OverflowError.
Add more tests on packing/unpacking floats.
(cherry picked from commit 8de70b31c5)
Co-authored-by: Sergey B Kirpichev <skirpichev@gmail.com>
Base64 decoder (see binascii.a2b_base64(), base64.b64decode(), etc)
no longer ignores excess data after the first padded quad in non-strict
(default) mode. Instead, in conformance with RFC 4648, it ignores the
pad character, "=", if it is present before the end of the encoded data.
(cherry picked from commit 4561f6418a)
(cherry picked from commit e31c551216)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
gh-146092: Raise MemoryError on allocation failure in _zoneinfo (GH-146165)
(cherry picked from commit 6450b1d142)
Co-authored-by: Victor Stinner <vstinner@python.org>
gh-146093: Fix csv _set_str(): check if PyUnicode_DecodeASCII() failed (GH-146113)
The function can fail on a memory allocation failure.
Bug reported by devdanzin.
(cherry picked from commit 724c7c8146)
Co-authored-by: Victor Stinner <vstinner@python.org>
* gh-145986: Avoid unbound C recursion in `conv_content_model` in `pyexpat.c` (CVE 2026-4224) (GH-145987)
Fix C stack overflow (CVE-2026-4224) when an Expat parser
with a registered `ElementDeclHandler` parses inline DTD
containing deeply nested content model.
---------
(cherry picked from commit eb0e8be3a7)
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
* Remvoe `skip_if_unlimited_stack_size` decorator
* Remove more decorators not on this branch
---------
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
(cherry picked from commit 2d35f9bc1c)
Includes test fix-up from GH-145788
(cherry picked from commit aa4240ebea)
Co-authored-by: Thomas Kowalski <thom.kowa@gmail.com>
Co-authored-by: Matt Van Horn <mvanhorn@users.noreply.github.com>
Only set the format attribute after successful (re-)initialization.
(cherry picked from commit 3f33bf83e8)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
