tarfile reads a member's extended header (a GNU long name/link or a pax
header) with a single read sized by the header's size field:
    buf = tarfile.fileobj.read(self._block(self.size))
The size is taken from the archive and is not validated, so a ~512-byte
crafted file can claim several gigabytes (or, via base-256 encoding, far
more) and make read() pre-allocate that much memory -- on open/iterate,
before any extraction filter runs.
Read the extended-header data in bounded chunks instead, so an oversized
or truncated header can no longer force a huge allocation. The bytes
returned for valid archives are unchanged.
(cherry picked from commit da99711d37)
Co-authored-by: Shardul Deshpande <iamsharduld@users.noreply.github.com>
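The bounded-chunk approach described in the commit above, as an added illustration in pure Python (this is not CPython's tarfile code; the helper names read_extended_header and _block, the chunk size and the max_size cap are assumptions made for this example):

```python
import io
import tarfile  # used only for BLOCKSIZE, the 512-byte tar record size

BLOCKSIZE = tarfile.BLOCKSIZE


def _block(count):
    """Round `count` up to the next multiple of BLOCKSIZE, as tar records are padded."""
    blocks, remainder = divmod(count, BLOCKSIZE)
    if remainder:
        blocks += 1
    return blocks * BLOCKSIZE


def read_extended_header(fileobj, size, chunk_size=64 * 1024, max_size=1 << 20):
    """Read the padded extended-header data of `size` bytes in bounded chunks.

    Hypothetical helper for this example. A single read(_block(size)) lets an
    untrusted size field dictate one large allocation; reading at most
    `chunk_size` bytes per call means a truncated archive fails at EOF after
    allocating only what was actually present. `max_size` is an extra cap
    assumed here (an upper bound a caller chooses for header data), not part
    of the tar format.
    """
    if size < 0:
        raise ValueError("negative extended-header size")
    if size > max_size:
        raise ValueError(f"extended header claims {size} bytes, limit is {max_size}")
    remaining = _block(size)
    chunks = []
    while remaining > 0:
        chunk = fileobj.read(min(chunk_size, remaining))
        if not chunk:
            # The archive ended before the header it announced: truncated.
            raise EOFError("truncated extended header")
        chunks.append(chunk)
        remaining -= len(chunk)
    # The same padded bytes a single read would have returned for a valid archive.
    return b"".join(chunks)


def sample_record():
    """Constructed sample: one 512-byte record holding an 11-byte long name."""
    name = b"hello world"
    return name, name + b"\0" * (BLOCKSIZE - len(name))


if __name__ == "__main__":
    name, record = sample_record()
    print(read_extended_header(io.BytesIO(record), len(name)) == record)
```

Valid input yields exactly the padded record; a file that ends early raises EOFError instead of returning a short or partial buffer, and a size beyond the assumed cap is rejected before any read happens.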
Tcl 8.x crashes when title-casing a non-BMP character during Tk
initialization, so such a className is now rejected with a ValueError.
(cherry picked from commit 124c7cd91b)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
mock_open's _exit_side_effect had a fixed 3-arg signature, but
contextlib.ExitStack calls __exit__ with 4 args (self + 3 exc info).
Use *args to accept any number of arguments.
(cherry picked from commit 85fa295073)
Co-authored-by: Zang Peiyu <166481866+factnn@users.noreply.github.com>
The module-global screen_encoding stored a borrowed pointer to the
encoding owned by the window returned by the first initscr() call. That
window can be deallocated while unctrl() and ungetch(), which have no window
of their own, still use the pointer to encode non-ASCII characters.
Keep a private copy of the encoding instead.
(cherry picked from commit 551f8e16f8)
(cherry picked from commit 7b55e9a93e)
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Replace the previously sparse reference documentation with full coverage of
the public API of the tkinter package, written from the Tcl/Tk manual pages,
the existing documentation and the module docstrings.
* Doc/library/tkinter.rst gains a "Reference" section documenting every public
class, method, function and constant of the core module -- the widgets, the
Misc, Wm, Pack, Place, Grid, XView and YView mix-ins, the Variable and image
classes, the module-level functions and the symbolic constants.
* Doc/library/tkinter.ttk.rst, dialog.rst, tkinter.font.rst and the other
module pages document their remaining classes, methods and functions.
The descriptions are Python-oriented (correct return types -- tuples rather
than Tcl lists, booleans, integers, None on cancellation, and so on) and were
checked against the Tcl/Tk 9.1 manual pages and the implementation.
versionadded, versionchanged and deprecated directives are added for the
public API, determined from the git history relative to Python 3.0: the
tkinter.ttk module (3.1); the Text, Wm, Menu and Misc methods exposing Tk 8.5
features (3.3); and the many later additions and behavior changes up to 3.15.
The Tk version required by features added after Tk 8.6 is noted as well. The
bundled Tcl/Tk version is updated to 9.0 and the manual-page links point at
the tcl9.0 reference.
--------
(cherry picked from commit 8b270b72a2)
* gh-86726: Adjust tkinter docs for the 3.14 backport
Remove documentation of API added only in 3.15 (the grid_content/
pack_content/place_content aliases, Text.search_all, the search
nolinestop/strictlimits parameters and Event.user_data/detail), date the
wm_attributes positional-argument deprecation to 3.13, and update the
bundled Tcl/Tk version to 8.6.
---------
(cherry picked from commit 1141d294ee)
Co-authored-by: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
gh-120665: make unittest loaders avoid loading test cases that are abstract base classes (GH-120666)
(cherry picked from commit 5ad3c6dfbf)
Co-authored-by: blhsing <blhsing@gmail.com>
[3.14] gh-101267: ProcessPoolExecutor no longer shares 1 BrokenProcessPool exception among all failed futures (GH-101268) (GH-151431)
* gh-101267: ProcessPoolExecutor no longer shares 1 BrokenProcessPool exception among all failed futures (GH-101268)
(cherry picked from commit 3c00ebc2bb)
(cherry picked from commit 4e8c9c6a57)
* Drop the abrupt-exit-code reporting from the 3.14 backport
Reporting the exit codes of processes that died without a known cause
is a new feature, not part of the gh-101267 bugfix. Keep only the
bugfix on 3.14: each failed future gets its own BrokenProcessPool
exception instead of one shared instance.
---------
(cherry picked from commit 27ff2c8c53)
Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com>
Co-authored-by: Daniel Shields <daniel.shields@twosigma.com>
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
[3.14][3.15] gh-151253: Dump the Python path configuration on _PyCodec_InitRegistry() failure (#151250) (#151269) (#151283)
[3.15] gh-151253: Dump the Python path configuration on _PyCodec_InitRegistry() failure (#151250) (#151269)
gh-151253: Dump the Python path configuration on _PyCodec_InitRegistry() failure (#151250)
If "import encodings" fails at Python startup, dump the Python path
configuration to help users debug their configuration. The
encodings module is the first module imported during Python startup.
(cherry picked from commit 7b6e98911e)
(cherry picked from commit 10f616cf39)
(cherry picked from commit b3a7758d8a)
[3.14] gh-143988: Fix re-entrant mutation crashes in socket sendmsg/recvmsg_into (#143987) (#151251)
gh-143988: Fix re-entrant mutation crashes in socket sendmsg/recvmsg_into (#143987)
Fix crashes in socket.sendmsg() and socket.recvmsg_into() that could
occur if buffer sequences are mutated re-entrantly during argument
parsing via __buffer__ protocol callbacks.
The bug occurs because:
1. PySequence_Fast() returns the original list object when the input
is already a list (not a copy).
2. During iteration, PyObject_GetBuffer() triggers __buffer__
callbacks which may clear the list.
3. Subsequent iterations access invalid memory (heap OOB read).
The fix replaces PySequence_Fast() with PySequence_Tuple() which
always creates a new tuple, ensuring the sequence cannot be mutated
during iteration.
(cherry picked from commit 896f7fdc7d)
(cherry picked from commit 632daaf5e9)
Co-authored-by: tonghuaroot (童话) <tonghuaroot@gmail.com>
Co-authored-by: tonghuaroot <23011166+tonghuaroot@users.noreply.github.com>
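The re-entrancy hazard and the snapshot fix described in the commit above, as an added pure-Python illustration (not CPython's socket code). An explicit get_buffer() hook stands in for the __buffer__ protocol callback; the class and function names (TrickyBuffer, PlainBuffer, gather_unsafe, gather_safe, make_sample) are hypothetical, and the IndexError in the unsafe path is the Python analogue of the out-of-bounds read the C code suffered:

```python
class TrickyBuffer:
    """Buffer-like object whose buffer hook mutates the list that owns it."""

    def __init__(self, payload, owner):
        self.payload = payload
        self.owner = owner  # the list this object lives in

    def get_buffer(self):
        # Re-entrant mutation: empty the owning list while it is being iterated.
        self.owner.clear()
        return self.payload


class PlainBuffer:
    """Well-behaved buffer-like object."""

    def __init__(self, payload):
        self.payload = payload

    def get_buffer(self):
        return self.payload


def gather_unsafe(buffers):
    """Mirror PySequence_Fast(): a list is used as-is, not copied.

    The length is taken once and items are fetched by index, as the C loop
    did, so a callback that clears the list leaves later indexes dangling.
    """
    seq = buffers if isinstance(buffers, (list, tuple)) else list(buffers)
    out = []
    for i in range(len(seq)):
        out.append(seq[i].get_buffer())  # IndexError once the list is cleared
    return out


def gather_safe(buffers):
    """Mirror PySequence_Tuple(): iterate over a private snapshot.

    The tuple keeps its own references, so clearing the caller's list during
    a callback changes nothing the loop sees.
    """
    seq = tuple(buffers)
    return [item.get_buffer() for item in seq]


def make_sample():
    """Constructed sample: a list whose first element clears the list on access."""
    bufs = []
    bufs.append(TrickyBuffer(b"first", bufs))
    bufs.append(PlainBuffer(b"second"))
    return bufs


if __name__ == "__main__":
    print(gather_safe(make_sample()))  # [b'first', b'second']
    try:
        gather_unsafe(make_sample())
    except IndexError as exc:
        print("unsafe path failed:", exc)
```

The snapshot costs one tuple allocation per call and removes the dependency on the caller's list staying intact for the duration of argument parsing, which is the same trade the C fix makes.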
gh-150988: Fix refleak in `OSError` when attrs are set before `super().__init__()` (GH-150990)
(cherry picked from commit f2a0f82282)
Co-authored-by: Lukas Geiger <lukas.geiger94@gmail.com>
Co-authored-by: Victor Stinner <vstinner@python.org>
[3.15] gh-143008: Fix race re-initializing TextIOWrapper (#151203)
__init__() changes multiple variables and may be called more than once
from multiple threads.
(cherry picked from commit 0318867acf)
Co-authored-by: Cody Maloney <cmaloney@users.noreply.github.com>
[3.14] gh-149231: tomllib: Limit the number of parts in a key (GH-149233) (GH-149815)
(cherry picked from commit bc7c102f34)
(cherry picked from commit 724a5e5e3b)
Co-authored-by: Stan Ulbrych <stan@python.org>
gh-151112: Fix double free in `assemble_init` when out of memory (GH-151142)
(cherry picked from commit 580499177c)
Co-authored-by: Stan Ulbrych <stan@python.org>
Expose the XML Expat 2.7.2 APIs to tune protections against
"billion laughs" [1] attacks.
The exposed APIs are available on Expat parsers, that is,
parsers created by `xml.parsers.expat.ParserCreate()`, as:
- `parser.SetBillionLaughsAttackProtectionActivationThreshold(threshold)`, and
- `parser.SetBillionLaughsAttackProtectionMaximumAmplification(max_factor)`.
This completes the work in f04bea44c3,
and improves the existing related documentation.
[1]: https://en.wikipedia.org/wiki/Billion_laughs_attack
(cherry picked from commit 666112376d)
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
Nonatomic move might be used even if the files are
on the same filesystem in some cases.
(cherry picked from commit 6ecd197c03)
Co-authored-by: Fang Li <fangli@users.noreply.github.com>