cpython

cpython copied to clipboard

gh-142781: Fix type confusion in zoneinfo weak cache

4

Validate the types returned from `_weak_cache.get()` and `_weak_cache.setdefault()` to prevent type confusion when a ZoneInfo subclass provides a misbehaving cache implementation. Fixes gh-142781.

superboy-zjc

Use-after-free in `save_picklebuffer` via re-entrant `buffer_callback` and `__bool__`

10

### What happened? In `save_picklebuffer` a user `buffer_callback` returns an object whose `__bool__` releases the `PickleBuffer`, freeing the bytearray while the function still holds `view->buf`. The pickler then proceeds into...

jackfromeast

Document CRLF handling for `http.server`

10

# Bug report ### Bug description: ## Vulnerability Description The `send_header` method in `Lib/http/server.py` writes headers directly to the output stream without checking for line breaks. When user-controlled input is...

aydinnyunus

Improve Tachyon UX

5

This is a meta issue to group all the items to improve the UX of the tachyon profiler. ## Tasks ### CLI - [x] **Standardize timing arguments** — Currently mixing...

pablogsal

gh-140287: Handle `PYTHONSTARTUP` script exceptions in the asyncio REPL

10

This is generally a work in progress; tests are needed. The asyncio patch is simple and ready. * Issue: gh-140287

johnslavik

gdb `py-bt` is no more compatible with Python 3.13+

18

# Bug report ### Bug description: ``` gdb ./python r Ctrl-C py-bt ``` ``` (gdb) py-bt Traceback (most recent call first): (unable to read python frame information) ``` 3.14.0b1 is...

cielavenir

Augment functools.cached_property tests for set/delete

2

`cached_property` supports set and delete but this is [not currently tested](https://github.com/python/cpython/blob/v3.14.0/Lib/test/test_functools.py#L3522). Minimal test extending `TestCachedProperty.test_cached`: ```python class TestCachedProperty(unittest.TestCase): def test_cached(self): item = CachedCostItem() self.assertEqual(item.cost, 2) self.assertEqual(item.cost, 2) # not 3...

gsakkis

gh-138284 : urllib.parse.parse_qsl now raises ValueError if illegal characters is passed, according to RFC 3986

12

urllib.parse.parse_qsl earlier it was accepting the illegal characters as well. Proof (that I reproduce) :  Closes issue : #138284 Proof (after fixing error):  I added the test for...

Davda-James

### What happened? `_channelend_shared` trusts an end's `_id` attribute and hands it to `_channelid_shared`, which blindly treats the object as a `_ChannelID` struct; a crafted end type can return an...

jackfromeast

Heap buffer overflow in `_format_TracebackException` when `TracebackException.format` omits newline

1

### What happened? `_format_TracebackException` assumes the `TracebackException.format` result is a newline-terminated buffer and truncates it in place, so a crafted override that returns an empty sequence makes the code treat...

jackfromeast