Commit Graph

4282 Commits

Author SHA1 Message Date
Pablo Galindo 5103df46e0 Post 3.11.4 2023-06-07 09:37:03 +01:00
Pablo Galindo d2340ef257 Python 3.11.4 2023-06-06 23:00:27 +01:00
Lysandros Nikolaou a09d3901a5
[3.11] gh-96670: Raise SyntaxError when parsing NULL bytes (GH-97594) (#104195) 2023-05-07 11:12:04 +01:00
Miss Islington (bot) 15ffcf76e1
[3.11] gh-104018: remove unused format "z" handling in string formatfloat() (GH-104107) (#104260)
gh-104018: remove unused format "z" handling in string formatfloat() (GH-104107)

This is a cleanup overlooked in PR GH-104033.
(cherry picked from commit 69621d1b09)

Co-authored-by: John Belmonte <john@neggie.net>
2023-05-07 05:06:06 +00:00
Miss Islington (bot) 851e74441e
gh-99069: Consolidate checks for static_assert (GH-94766)
Several platforms don't define the static_assert macro despite having
compiler support for the _Static_assert keyword. The macro needs to be
defined since it is used unconditionally in the Python code. So it
should always be safe to define it if undefined and not in C++11 (or
later) mode.

Hence, remove the checks for particular platforms or libc versions,
and just define static_assert anytime it needs to be defined but isn't.
That way, all platforms that need the fix will get it, regardless of
whether someone specifically thought of them.

Also document that certain macOS versions are among the platforms that
need this.

The C2x draft (currently expected to become C23) makes static_assert
a keyword to match C++. So only define the macro for up to C17.

(cherry picked from commit 96e1901a59)

Co-authored-by: Joshua Root <jmr@macports.org>
Co-authored-by: Victor Stinner <vstinner@python.org>
2023-04-05 08:44:13 -07:00
Pablo Galindo ff844aa16e Post 3.11.3 2023-04-05 12:16:08 +01:00
Pablo Galindo f3909b8bc8 Python 3.11.3 2023-04-04 23:22:17 +01:00
Pablo Galindo e396888a6e Post 3.11.2 2023-02-08 09:55:26 +00:00
Pablo Galindo 878ead1ac1 Python 3.11.2 2023-02-07 13:37:51 +00:00
Miss Islington (bot) d2aaf818ae
[3.11] gh-101037: Fix potential memory underallocation for zeros of int subtypes (GH-101038) (#101219)
gh-101037: Fix potential memory underallocation for zeros of int subtypes (GH-101038)

This PR fixes object allocation in long_subtype_new to ensure that there's at least one digit in all cases, and makes sure that the value of that digit is copied over from the source long.

Needs backport to 3.11, but not any further: the change to require at least one digit was only introduced for Python 3.11.

Fixes GH-101037.
(cherry picked from commit 401fdf9c85)

Co-authored-by: Mark Dickinson <dickinsm@gmail.com>
2023-01-21 10:54:09 +00:00
Bill Fisher 57e727af3f
[3.11] gh-99110: Initialize frame->previous in init_frame to fix segmentation fault (GH-100182) (#100478)
(cherry picked from commit 88d565f32a)

Co-authored-by: Bill Fisher <william.w.fisher@gmail.com>
2022-12-24 11:17:10 +05:30
Pablo Galindo fbc3e1ed90 Post 3.11.1 2022-12-06 21:07:58 +00:00
Pablo Galindo a7a450f84a Python 3.11.1 2022-12-06 19:05:27 +00:00
Victor Stinner 0c6b3a2d8e
[3.11] Revert "[3.11] gh-98724: Fix Py_CLEAR() macro side effects (#99100)" (#99573)
Revert "gh-98724: Fix Py_CLEAR() macro side effects (#99100) (#99288)"

This reverts commit 1082890857.
2022-11-21 18:01:10 +01:00
Victor Stinner 1082890857
gh-98724: Fix Py_CLEAR() macro side effects (#99100) (#99288)
The Py_CLEAR(), Py_SETREF() and Py_XSETREF() macros now only evaluate
their argument once. If an argument has side effects, these side
effects are no longer duplicated.

Add test_py_clear() and test_py_setref() unit tests to _testcapi.

(cherry picked from commit c03e05c2e7)
2022-11-09 16:29:23 +01:00
Pablo Galindo Salgado b3cafb60af
[3.11] Fix v3.11.0 release merge problems (GH-98622)
When merging the v3.11.0 tag into 3.11, some files were incorrectly updated and some others were not properly deleted.

Automerge-Triggered-By: GH:pablogsal
2022-10-24 16:30:06 -07:00
Pablo Galindo 69b6b56d85 Python 3.11.0
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmNWzOwACgkQ/+h0BBaL
 2EcepxAAmZLGMrL4D7Zxzo6N2ezkuiuoQH4JvxIUaB7cjU5h0GSUFlmcJQCHhCwk
 AvToQrmH/7uuuEZKST1fomtUE83wudfHhX2t+CMBdbLG1hIwhTfLNMTqFhONturF
 XlkVUcva1i9XrYZPLl1pIcBf1Sjm6pPW5QZ4BP1ZHJ5C2pHEzaBRFX/q0lU5aF9O
 z5nBBpnga2gShUTqM1VkXucU4lKXsi4blbn/Z8giganMXY1SXIsEOoCaDZYN1Hh/
 xQiOpSrjy/uSz4vGSNuPwp9J2lRlw8n4RBd/P7om01CrJMAKotH+62OqwhlQ8ydB
 ywp0kygtPtMdSK7F1WKMWkYX4CXfLpYwN0+x3Z3iYFBFiuzOFrUCQYgqqfEPNq+o
 bQxxnhAvYcOVINUub6oL23hgFZIoM6l54L66qujQVFM0usCY2f23Ikqd0Z7K8+6e
 uDRAvGiCHkbbfhdnfXzc/Wgj4zLaPnNs8S2s8ojK32NPV8gyWVBumcsRvlocfl6K
 hoA5wqeAXsOv+pFjkGtk90Yg+8R9n+n47//o6uYW/vvZtksm2wPm3hnuCA0WqPzN
 IM7SJE5VrtSRqQpXT9j4G3zyHDNT/Qhrh+cyBM5kgoPSdbU0ugZN8P7GWVtsFhmK
 rrHRns85gNZJ6qTN1pU22MybYCPIsg5Dt6+jZ8hJWIzOOy9apIk=
 =Ryd2
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEz9yiRbEEPPKl+Xhl/+h0BBaL2EcFAmNW55YACgkQ/+h0BBaL
 2EfCLg//bMWtb/X3D+IM+9BIrpEscj/vw22zH9j8PIRd8iWfW80TNEIBh4uPEc0j
 SDTkA5bqN6CB7xqIxDlWQcJpGiImVZ2LzOw8HHye1QCfVZk741CF78UhEnb+hTbO
 gr7nIznytv+VdMSDRHTSgpnkRNQ9FjFEHLu7YQTMof5i/YmTxWZcsru6dTLlEutg
 F3+PfxbKwPgJkfare91X62XSQwyTL6k0mvl5+Sdq2WEQdgMqv4I8V9dHbnk9K3VI
 B+K2xsfIyWHrLDwQa3LBZj4YOKTwnwqlr1sEqO47NfasWaMYa1vBsktLVtPVQ3xS
 Hz0lLhJXJLzf5hmf2r4Tw1S5spn5ijsZ7CwK2Zl+1+dbJMpRoK4VeSSYy/OfEpwy
 8Hx1YitMyORF3HkGWa+pPYPNaIOw4S/EQQPYd5osg3NnknYjkkKZZaliq7EZra7c
 GANPJamXhHREQyhux9KeiYZer3SU3CSXopyxm8ClcBZJAiAOjhAdeOk+Q4Ta9T6+
 gRWBOrelroyFTWHsOd8V7gSz3XJNuAzlNZ/+1Oj/7Em+5DGLFcxJrZGLxn+hruZ5
 GPK9IQXbURAuxqVrqCzw2tzf/NzJr0fs4QDYEVI95pfLjzk1tuJ5WR6zFNC0COK2
 qw8TTvXglsvHqVMnK8u73GVSTv1UGYqbQH9uAeEikAQYr3TTdZo=
 =dsZm
 -----END PGP SIGNATURE-----

Merge tag 'v3.11.0' into 3.11

Python 3.11.0
2022-10-24 20:29:24 +01:00
Pablo Galindo deaf509e8f
Python 3.11.0 2022-10-24 18:35:39 +01:00
Pablo Galindo b0925211f4
Post 3.11.0rc2 2022-10-22 20:04:32 +01:00
Miss Islington (bot) 4d1de87042
gh-96959: Update HTTP links which are redirected to HTTPS (GH-96961)
(cherry picked from commit db39050396)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
2022-09-25 01:20:45 -07:00
Pablo Galindo 14adf4667e
Post 3.11.0rc2 2022-09-12 11:54:49 +01:00
Pablo Galindo ed7c3ff156
Python 3.11.0rc2 2022-09-11 20:23:30 +01:00
Mark Shannon e72f469e85
[3.11] GH-96569: Avoid undefined behavior (#96616)
Co-authored-by: Michael Droettboom <mdboom@gmail.com>
2022-09-08 12:00:04 +01:00
Miss Islington (bot) 8a776d1d51
gh-95778: Correctly pre-check for int-to-str conversion (GH-96537)
Converting a large enough `int` to a decimal string raises `ValueError` as expected. However, the raise comes _after_ the quadratic-time base-conversion algorithm has run to completion. For effective DOS prevention, we need some kind of check before entering the quadratic-time loop. Oops! =)

The quick fix: essentially we catch _most_ values that exceed the threshold up front. Those that slip through will still be on the small side (read: sufficiently fast), and will get caught by the existing check so that the limit remains exact.

The justification for the current check. The C code check is:
```c
max_str_digits / (3 * PyLong_SHIFT) <= (size_a - 11) / 10
```

In GitHub markdown math-speak, writing $M$ for `max_str_digits`, $L$ for `PyLong_SHIFT` and $s$ for `size_a`, that check is:
$$\left\lfloor\frac{M}{3L}\right\rfloor \le \left\lfloor\frac{s - 11}{10}\right\rfloor$$

From this it follows that
$$\frac{M}{3L} < \frac{s-1}{10}$$
hence that
$$\frac{L(s-1)}{M} > \frac{10}{3} > \log_2(10).$$
So
$$2^{L(s-1)} > 10^M.$$
But our input integer $a$ satisfies $|a| \ge 2^{L(s-1)}$, so $|a|$ is larger than $10^M$. This shows that we don't accidentally capture anything _below_ the intended limit in the check.

<!-- gh-issue-number: gh-95778 -->
* Issue: gh-95778
<!-- /gh-issue-number -->

Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
(cherry picked from commit b126196838)

Co-authored-by: Mark Dickinson <dickinsm@gmail.com>
2022-09-04 09:45:02 -07:00
Gregory P. Smith f8b71da9aa
[3.11] gh-95778: CVE-2020-10735: Prevent DoS by very large int() (#96500)
Integer to and from text conversions via CPython's bignum `int` type is not safe against denial of service attacks due to malicious input. Very large input strings with hundred thousands of digits can consume several CPU seconds.

This PR comes fresh from a pile of work done in our private PSRT security response team repo.

This backports https://github.com/python/cpython/pull/96499 aka 511ca94520

Signed-off-by: Christian Heimes [Red Hat] <christian@python.org>
Tons-of-polishing-up-by: Gregory P. Smith [Google] <greg@krypto.org>
Reviews via the private PSRT repo via many others (see the NEWS entry in the PR).

<!-- gh-issue-number: gh-95778 -->
* Issue: gh-95778
<!-- /gh-issue-number -->

I wrote up [a one pager for the release managers](https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y/edit#).
2022-09-02 09:48:57 -07:00
Miss Islington (bot) 1901ee7a52
gh-46845: clean up unused DK_IXSIZE (GH-96405)
(cherry picked from commit d21d2f0793)

Co-authored-by: Matthias Görgens <matthias.goergens@gmail.com>
2022-08-30 00:28:51 -07:00
Miss Islington (bot) df9c12e287
Fix typo in internal/pycore_atomic.h (GH-95939)
(cherry picked from commit 8281cbddc6)

Co-authored-by: fluesvamp <105884371+fluesvamp@users.noreply.github.com>
2022-08-12 21:04:06 -07:00
Pablo Galindo 19eed66d2b
Post 3.11.0rc1 2022-08-08 14:07:31 +01:00
Pablo Galindo 41cb07120b
Python 3.11.0rc1 2022-08-05 15:45:18 +01:00
Miss Islington (bot) f2926358d1
gh-94936: C getters: co_varnames, co_cellvars, co_freevars (GH-95008)
(cherry picked from commit 42b102bbf9)

Co-authored-by: Ken Jin <28750310+Fidget-Spinner@users.noreply.github.com>
2022-08-04 07:16:52 -07:00
Mark Shannon 312dab29a3
Revert "[3.11] GH-92678: Expose managed dict clear and visit functions (GH-95246). (#95256)" (#95647)
This reverts commit 7f73194339.
2022-08-04 13:03:07 +01:00
Christian Heimes e62a0dfab2
[3.11] gh-95174: Add pthread stubs for WASI (GH-95234) (#95503)
Co-authored-by: Brett Cannon <brett@python.org>.
(cherry picked from commit 0fe645d6fd)

Co-authored-by: Christian Heimes <christian@python.org>
2022-08-01 15:37:45 +01:00
Miss Islington (bot) 00566a8124
GH-90081: Run python tracers at full speed (GH-95328) (#95363)
(cherry picked from commit b8b2990fb3)

Co-authored-by: Mark Shannon <mark@hotpy.org>

Co-authored-by: Mark Shannon <mark@hotpy.org>
2022-07-29 09:43:52 +01:00
Miss Islington (bot) 86eb500068
[3.11] gh-95185: Check recursion depth in the AST constructor (GH-95186) (GH-95208)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
(cherry picked from commit 0047447294)

Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com>
2022-07-26 12:19:22 +02:00
Pablo Galindo 2fb64a0687
Post 3.11.0b5 2022-07-26 11:12:43 +01:00
Pablo Galindo 0771d71eea
Python 3.11.0b5 2022-07-25 23:21:18 +01:00
Pablo Galindo Salgado 7f73194339
[3.11] GH-92678: Expose managed dict clear and visit functions (GH-95246). (#95256)
Co-authored-by: Mark Shannon <mark@hotpy.org>
2022-07-25 23:05:27 +01:00
Mark Shannon e5ff5ec3ff
[3.11] GH-94739: Backport GH-94958 to 3.11 (#94965) 2022-07-25 12:11:06 +01:00
Brandt Bucher 5a48ab01e9
[3.11] GH-95113: Don't use EXTENDED_ARG_QUICK in unquickened code (GH-95121) (GH-95143)
(cherry picked from commit e402b26b7f)
2022-07-22 11:56:10 -07:00
Miss Islington (bot) d9107aa015
gh-94731: Revert to C-style casts for _Py_CAST (GH-94782) (#94849)
Co-authored-by: da-woods <dw-git@d-woods.co.uk>
(cherry picked from commit 6cbb57f62d)
2022-07-15 09:35:23 +02:00
Pablo Galindo a4b98a792f
Post 3.11.0b4 2022-07-11 18:31:05 +01:00
Pablo Galindo 5a7e1e0a92
Python 3.11.0b4 2022-07-11 16:25:22 +01:00
Miss Islington (bot) 68f5fa6683
[3.11] GH-94262: Don't create frame objects for frames that aren't yet complete. (GH-94371) (#94482)
Co-authored-by: Mark Shannon <mark@hotpy.org>
2022-07-04 19:43:12 +01:00
Mark Shannon 113b309f18
[3.11] GH-93354: Use exponential backoff to avoid excessive specialization attempts (GH-93355) (GH-93379)
Co-authored-by: Mark Shannon <mark@hotpy.org>
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
2022-06-30 23:03:37 +02:00
Mark Shannon 3b4f5ed168
[3.11] GH-93516: Backport GH-93769 (GH-94231)
* Store offset of first traceable instruction to avoid having to recompute it all the time when tracing.
2022-06-28 16:30:22 +01:00
Christian Heimes 56f5f90496
[3.11] gh-90473: Reduce recursion limit on WASI even further (GH-94333) (GH-94334)
Co-authored-by: Christian Heimes <christian@python.org>
2022-06-27 18:33:01 +02:00
Ken Jin 852b4d4bcd
[3.11] gh-93382: Cache result of `PyCode_GetCode` in codeobject (GH-93383) (#93493)
Co-authored-by: Kumar Aditya <59607654+kumaraditya303@users.noreply.github.com>
Co-authored-by: Dennis Sweeney <36520290+sweeneyde@users.noreply.github.com>
2022-06-23 17:24:49 +01:00
Mark Shannon 3ece6e6feb
[3.11] GH-93516: Backport GH-93769: Speedup line number checks when tracing (GH-94127)
Co-authored-by: Pablo Galindo <pablogsal@gmail.com>
2022-06-22 16:32:02 +01:00
Victor Stinner 96254a9acd
gh-93937, C API: Move PyFrame_GetBack() to Python.h (#93938) (#94000)
Move the follow functions and type from frameobject.h to pyframe.h,
so the standard <Python.h> provide frame getter functions:

* PyFrame_Check()
* PyFrame_GetBack()
* PyFrame_GetBuiltins()
* PyFrame_GetGenerator()
* PyFrame_GetGlobals()
* PyFrame_GetLasti()
* PyFrame_GetLocals()
* PyFrame_Type

Remove #include "frameobject.h" from many C files. It's no longer
needed.

(cherry picked from commit 27b9894033)
2022-06-20 15:47:41 +02:00
Miss Islington (bot) 74561095d9
gh-91731: Don't define 'static_assert' in C++11 where is a keyword to avoid UB (GH-93700)
(cherry picked from commit 65ff27c7d3)

Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com>
2022-06-16 07:50:15 -07:00