The CGI server on Windows could consume the amount of memory specified
in the Content-Length header of the request even if the client does not
send such much data. Now it reads the POST request body by chunks,
therefore the memory consumption is proportional to the amount of sent
data.
(cherry picked from commit 4172644d78)
Difference from the original commit: the default in 3.14 is to use
the simpler original protocol (except for filenames with newlines).
Co-authored-by: Petr Viktorin <encukou@gmail.com>
The initialization during `mod_exec` wasn't thread-safe with multiple interpreters.
(cherry picked from commit 2dac9e6016)
Co-authored-by: Alper <alperyoney@fb.com>
This fixes a regression introduced in gh-140558. The interpreter would
crash if we inserted a non `str` key into a split table that matches an
existing key.
(cherry picked from commit 547d8daf78)
Co-authored-by: Sam Gross <colesbury@gmail.com>
gh-142145: Remove quadratic behavior in node ID cache clearing (GH-142146)
* Remove quadratic behavior in node ID cache clearing
* Add news fragment
---------
(cherry picked from commit 08d8e18ad8)
Co-authored-by: Seth Michael Larson <seth@python.org>
Co-authored-by: Jacob Walls <38668450+jacobtylerwalls@users.noreply.github.com>
gh-59000: Fix pdb breakpoint resolution for class methods when module not imported (GH-141949)
(cherry picked from commit 5e58548ebe)
Co-authored-by: LloydZ <35182391+cocolato@users.noreply.github.com>
The GC for the free threaded build would get slower with each collection due
to effectively double counting objects freed by the GC.
(cherry picked from commit eb892868b3)
Co-authored-by: Kevin Wang <kevmo314@gmail.com>
Reading a specially prepared small Plist file could cause OOM because file's
read(n) preallocates a bytes object for reading the specified amount of
data. Now plistlib reads large data by chunks, therefore the upper limit of
consumed memory is proportional to the size of the input file.
(cherry picked from commit 694922cf40)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
The CGI server on Windows could consume the amount of memory specified
in the Content-Length header of the request even if the client does not
send such much data. Now it reads the POST request body by chunks,
so that the memory consumption is proportional to the amount of sent
data.
GH-141808: Do not generate the jit stencils twice in case of PGO builds on Windows. (GH-142043)
* do not build the jit stencils twice in case of PGO builds on Windows
* blurb it
(cherry picked from commit f2ca1581ca)
Co-authored-by: Chris Eibl <138194463+chris-eibl@users.noreply.github.com>
GH-91636: Clear weakrefs created by finalizers. (GH-136401)
Weakrefs to unreachable garbage that are created during running of
finalizers need to be cleared. This avoids exposing objects that
have `tp_clear` called on them to Python-level code.
(cherry picked from commit b6b99bf7f1)
Co-authored-by: Neil Schemenauer <nas-github@arctrix.com>
gh-141994: Warn of XXE vulnerability in documentation of SAX feature `xml.sax.handler.feature_external_ges` (GH-141996)
Doc/library/xml.sax.handler.rst: Warn of XXE with feature_external_ges
Related to commit baa9f33897
(cherry picked from commit 440bcb9456)
Co-authored-by: Sebastian Pipping <sebastian@pipping.org>
gh-74389: gh-70560: subprocess.Popen.communicate() now ignores stdin.flush error when closed (GH-142061)
gh-70560: gh-74389: subprocess.Popen.communicate() now ignores stdin.flush error when closed
with a unittest and news entry.
(cherry picked from commit 923056b2d4)
Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com>
gh-87512: Fix `subprocess` using `timeout=` on Windows blocking with a large `input=` (GH-142058)
On Windows, Popen._communicate() previously wrote to stdin synchronously, which could block indefinitely if the subprocess didn't consume input= quickly and the pipe buffer filled up. The timeout= parameter was only checked when joining the reader threads, not during the stdin write.
This change moves the Windows stdin writing to a background thread (similar to how stdout/stderr are read in threads), allowing the timeout to be properly enforced. If timeout expires, TimeoutExpired is raised promptly and the writer thread continues in the background. Subsequent calls to communicate() will join the existing writer thread.
Adds test_communicate_timeout_large_input to verify that TimeoutExpired is raised promptly when communicate() is called with large input and a timeout, even when the subprocess doesn't consume stdin quickly.
This test already passed on POSIX (where select() is used) but failed on Windows where the stdin write blocks without checking the timeout.
(cherry picked from commit 5b1862bdd8)
Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
gh-141473: Fix subprocess.Popen.communicate to send input to stdin upon a subsequent post-timeout call (GH-141477)
* gh-141473: Fix subprocess.Popen.communicate to send input to stdin
* Docs: Clarify that `input` is one time only on `communicate()`
* NEWS entry
* Add a regression test.
---------
(cherry picked from commit 526d7a8bb4)
Co-authored-by: Artur Jamro <artur.jamro@gmail.com>
Co-authored-by: Gregory P. Smith <greg@krypto.org>
GH-134453: Fix subprocess memoryview input handling on POSIX (GH-134949)
Fix inconsistent subprocess.Popen.communicate() behavior between Windows
and POSIX when using memoryview objects with non-byte elements as input.
On POSIX systems, the code was incorrectly comparing bytes written against
element count instead of byte count, causing data truncation for large
inputs with non-byte element types.
Changes:
- Cast memoryview inputs to byte view when input is already a memoryview
- Fix progress tracking to use len(input_view) instead of len(self._input)
- Add comprehensive test coverage for memoryview inputs
🤖 Generated with [Claude Code](https://claude.ai/code)
* old-man-yells-at-ReST
* Update 2025-05-30-18-37-44.gh-issue-134453.kxkA-o.rst
* assertIsNone review feedback
* fix memoryview_nonbytes test to fail without our fix on main, and have a nicer error.
Thanks to Peter Bierma @ZeroIntensity for the code review.
(cherry picked from commit cc6bc4c97f)
Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com>
* gh-125434: Display thread name in faulthandler on Windows (#140675)
(cherry picked from commit 313145eab5)
* gh-125434: Fix non-ASCII thread names in faulthandler on Windows (#140700)
Add _Py_DumpWideString() function to dump a wide string as ASCII. It
supports surrogate pairs.
Replace _Py_EncodeLocaleRaw() with _Py_DumpWideString()
in write_thread_name().
(cherry picked from commit 80f20f58b2)
Added atomic operations to `scanner_begin()` and `scanner_end()` to prevent
race conditions on the `executing` flag in free-threaded builds. Also added
tests for concurrent usage of the `re` module.
Without the atomic operations, `test_scanner_concurrent_access()` triggers
`assert(self->executing)` failures, or a thread sanitizer run emits errors.
(cherry picked from commit bc9e63dd9d)
Co-authored-by: Alper <alperyoney@fb.com>
Only raises if the stack pointer is both below the limit *and* above the stack base.
This prevents false positives for user-space threads, as the stack pointer will be outside those bounds
if the stack has been swapped.
Cherry-picked from commit c25a070759
Co-authored-by: Mark Shannon <mark@hotpy.org>
Co-authored-by: Rok Mandeljc <rok.mandeljc@gmail.com>
Co-authored-by: Mark Shannon <mark@hotpy.org>
Co-authored-by: Victor Stinner <vstinner@python.org>
* [3.14] GH-139914: Handle stack growth direction on HPPA (GH-140028)
Adapted from a patch for Python 3.14 submitted to the Debian BTS by John David Anglin https://bugs.debian.org/1105111#20
* Forgot to update test_call
* WTF typo
If we overflowed the global version counter (i.e., after 2*24 calls to
`_PyMonitoring_SetEvents`), we bailed out after setting global monitoring
events but before instrumenting code objects, which led to assertion errors
later on.
Also add a `time.sleep()` to `test_free_threading.test_monitoring` to avoid
overflowing the global version counter.
(cherry picked from commit e457d60daa)
Co-authored-by: Sam Gross <colesbury@gmail.com>
gh-98552: Revert (unneeded, already done elsewhere) "flush std streams in the multiprocessing forkserver before fork (GH-141849)" (GH-141871)
Revert (unneeded, already done elsewhere) "gh-98552: flush std streams in the multiprocessing forkserver before fork (GH-141849)"
This reverts commit 58badb1711.
(cherry picked from commit 614a28b3da)
Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com>
gh-98552: flush std streams in the multiprocessing forkserver before fork (GH-141849)
* flush std streams in the multiprocessing forkserver before fork
* NEWS
(cherry picked from commit 58badb1711)
Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com>
Added a critical section to protect the states of `ReaderObj` and `WriterObj` in the free-threading build. Without the critical sections, both new free-threading tests were crashing.
(cherry picked from commit fb26d9c2ef)
Co-authored-by: Alper <alperyoney@fb.com>
gh-141784: Fix _remote_debugging_module.c compilation on 32-bit Linux (#141796)
Include Python.h before system headers to make sure that
_remote_debugging_module.c uses the same types (ABI) than Python.
(cherry picked from commit 722f4bb8c9)
The dataclasses `__init__` function is generated dynamically by a call to `exec()` and so doesn't have deferred reference counting enabled. Enable deferred reference counting on functions when assigned as an attribute to type objects to avoid reference count contention when creating dataclass instances.
(cherry picked from commit ce79154176)
Co-authored-by: Edward Xu <xuxiangad@gmail.com>
gh-141570: can_colorize: Expect fileno() to raise OSError, as documented (GH-141716)
In Fedora, we've been given a slightly incomplete reproducer for a problematic
Python 3.14 color-related change in argparse that leads to an exception when
Python is used from mod_wsgi: https://bugzilla.redhat.com/2414940
mod_wsgi replaces sys.stdout with a custom object that raises OSError on .fileno():
8460dbfcd5/src/server/wsgi_logger.c (L434-L440)
This should be supported, as the documentation of fileno explicitly says:
> An OSError is raised if the IO object does not use a file descriptor.
https://docs.python.org/3.14/library/io.html#io.IOBase.fileno
The previously expected exception inherits from OSError,
so it is still expected.
Fixes https://github.com/python/cpython/issues/141570
(cherry picked from commit 96f496a949)
Co-authored-by: Miro Hrončok <miro@hroncok.cz>
Co-authored-by: Cody Maloney <cmaloney@users.noreply.github.com>
Co-authored-by: Victor Stinner <vstinner@python.org>
