Skip to content

[pull] main from python:main #529

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
pull merged 8 commits into from
Dec 5, 2025
Merged

[pull] main from python:main #529

pull merged 8 commits into from
Dec 5, 2025

Conversation

@pull
Copy link

@pull pull bot commented Dec 5, 2025
edited by github-actions bot
Loading

See Commits and Changes for more details.

Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

📚 Documentation preview 📚: https://cpython-previews--529.org.readthedocs.build/

CuriousLearner and others added 8 commits December 5, 2025 13:18
@CuriousLearner
gh-48752: Add readline.get_pre_input_hook() function (#141586)
4238a97 
Add readline.get_pre_input_hook() to retrieve the current pre-input
hook. This allows applications to save and restore the hook without
overwriting user settings.
@mhsmith
Fix disk space issues in Android CI (#142289)
cac4b04
@serhiy-storchaka
gh-101100: Fix references to the set methods (GH-141857)
1d8f3ed
@serhiy-storchaka @skirpichev
gh-141370: Fix undefined behavior when using Py_ABS() (GH-141548)
706fdda 
Co-authored-by: Sergey B Kirpichev <skirpichev@gmail.com>
@serhiy-storchaka
Add explanation comments for tests for overlapped ZIP entries (GH-137152
100c726 
)
@savannahostrowski @hugovk
GH-139862: Remove color from HelpFormatter (#142274)
4b14529 
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
@savannahostrowski
GH-142267: Cache formatter to avoid repeated _set_color calls (#142268
4085ff7 
)
@serhiy-storchaka @claude @gpshead
gh-115952: Fix a potential virtual memory allocation denial of servic…
59f247e 
…e in pickle (GH-119204)

Loading a small data which does not even involve arbitrary code execution
could consume arbitrary large amount of memory. There were three issues:

* PUT and LONG_BINPUT with large argument (the C implementation only).
  Since the memo is implemented in C as a continuous dynamic array, a single
  opcode can cause its resizing to arbitrary size. Now the sparsity of
  memo indices is limited.
* BINBYTES, BINBYTES8 and BYTEARRAY8 with large argument.  They allocated
  the bytes or bytearray object of the specified size before reading into
  it.  Now they read very large data by chunks.
* BINSTRING, BINUNICODE, LONG4, BINUNICODE8 and FRAME with large
  argument.  They read the whole data by calling the read() method of
  the underlying file object, which usually allocates the bytes object of
  the specified size before reading into it.  Now they read very large data
  by chunks.

Also add comprehensive benchmark suite to measure performance and memory
impact of chunked reading optimization in PR #119204.

Features:
- Normal mode: benchmarks legitimate pickles (time/memory metrics)
- Antagonistic mode: tests malicious pickles (DoS protection)
- Baseline comparison: side-by-side comparison of two Python builds
- Support for truncated data and sparse memo attack vectors

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
@pull pull bot locked and limited conversation to collaborators Dec 5, 2025
@pull pull bot added the ⤵️ pull label Dec 5, 2025
@pull pull bot merged commit 59f247e into tj-python:main Dec 5, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

⤵️ pull

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@CuriousLearner @mhsmith @serhiy-storchaka @savannahostrowski