mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-12-23 09:19:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge branch 'main' into optimize-list-set

Browse source
This commit is contained in:
Kumar Aditya 2025-12-17 15:16:58 +05:30 committed by GitHub
commit 6870f1c8bd
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 38 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

11
Lib/test/test_sqlite3/__init__.py
View file

@ -6,9 +6,14 @@ import_helper.import_module('_sqlite3')
import os
import sqlite3
# make sure only print once
_printed_version = False
# Implement the unittest "load tests" protocol.
def load_tests(*args):
if verbose:
def load_tests(loader, tests, pattern):
global _printed_version
if verbose and not _printed_version:
print(f"test_sqlite3: testing with SQLite version {sqlite3.sqlite_version}")
_printed_version = True
pkg_dir = os.path.dirname(__file__)
return load_package_tests(pkg_dir, *args)
return load_package_tests(pkg_dir, loader, tests, pattern)

20
Lib/test/test_zoneinfo/test_zoneinfo.py
View file

@ -1551,6 +1551,26 @@ class ZoneInfoCacheTest(TzPathUserMixin, ZoneInfoTestBase):
except CustomError:
pass
def test_weak_cache_descriptor_use_after_free(self):
class BombDescriptor:
def __get__(self, obj, owner):
return {}
class EvilZoneInfo(self.klass):
pass
# Must be set after the class creation.
EvilZoneInfo._weak_cache = BombDescriptor()
key = "America/Los_Angeles"
zone1 = EvilZoneInfo(key)
self.assertEqual(str(zone1), key)
EvilZoneInfo.clear_cache()
zone2 = EvilZoneInfo(key)
self.assertEqual(str(zone2), key)
self.assertIsNot(zone2, zone1)
class CZoneInfoCacheTest(ZoneInfoCacheTest):
module = c_zoneinfo

1
Misc/NEWS.d/next/Library/2025-12-16-14-49-19.gh-issue-142783.VPV1ig.rst Normal file
View file

@ -0,0 +1 @@
Fix zoneinfo use-after-free with descriptor _weak_cache. a descriptor as _weak_cache could cause crashes during object creation. The fix ensures proper reference counting for descriptor-provided objects.

16
Modules/_zoneinfo.c
View file

@ -292,16 +292,11 @@ static PyObject *
get_weak_cache(zoneinfo_state *state, PyTypeObject *type)
{
if (type == state->ZoneInfoType) {
Py_INCREF(state->ZONEINFO_WEAK_CACHE);
return state->ZONEINFO_WEAK_CACHE;
}
else {
PyObject *cache =
PyObject_GetAttrString((PyObject *)type, "_weak_cache");
// We are assuming that the type lives at least as long as the function
// that calls get_weak_cache, and that it holds a reference to the
// cache, so we'll return a "borrowed reference".
Py_XDECREF(cache);
return cache;
return PyObject_GetAttrString((PyObject *)type, "_weak_cache");
}
}
@ -328,6 +323,7 @@ zoneinfo_ZoneInfo_impl(PyTypeObject *type, PyObject *key)
PyObject *weak_cache = get_weak_cache(state, type);
instance = PyObject_CallMethod(weak_cache, "get", "O", key, Py_None);
if (instance == NULL) {
Py_DECREF(weak_cache);
return NULL;
}
@ -335,6 +331,7 @@ zoneinfo_ZoneInfo_impl(PyTypeObject *type, PyObject *key)
Py_DECREF(instance);
PyObject *tmp = zoneinfo_new_instance(state, type, key);
if (tmp == NULL) {
Py_DECREF(weak_cache);
return NULL;
}
@ -342,12 +339,14 @@ zoneinfo_ZoneInfo_impl(PyTypeObject *type, PyObject *key)
PyObject_CallMethod(weak_cache, "setdefault", "OO", key, tmp);
Py_DECREF(tmp);
if (instance == NULL) {
Py_DECREF(weak_cache);
return NULL;
}
((PyZoneInfo_ZoneInfo *)instance)->source = SOURCE_CACHE;
}
update_strong_cache(state, type, key, instance);
Py_DECREF(weak_cache);
return instance;
}
@ -510,12 +509,14 @@ zoneinfo_ZoneInfo_clear_cache_impl(PyTypeObject *type, PyTypeObject *cls,
PyObject *item = NULL;
PyObject *pop = PyUnicode_FromString("pop");
if (pop == NULL) {
Py_DECREF(weak_cache);
return NULL;
}
PyObject *iter = PyObject_GetIter(only_keys);
if (iter == NULL) {
Py_DECREF(pop);
Py_DECREF(weak_cache);
return NULL;
}
@ -540,6 +541,7 @@ zoneinfo_ZoneInfo_clear_cache_impl(PyTypeObject *type, PyTypeObject *cls,
Py_DECREF(pop);
}
Py_DECREF(weak_cache);
if (PyErr_Occurred()) {
return NULL;
}