git.ipfire.org Git - thirdparty/Python/cpython.git/commit
[3.12] gh-119342: Fix a potential denial of service in plistlib (GH-119343) (#142149)
author Serhiy Storchaka <storchaka@gmail.com>
Mon, 22 Dec 2025 13:49:44 +0000 (15:49 +0200)
committer GitHub <noreply@github.com>
Mon, 22 Dec 2025 13:49:44 +0000 (14:49 +0100)
commit 5a8b19677d818fb41ee55f310233772e15aa1a2b
tree 8da3dddf60cd8e5458b87f470974301ac213ce3b
parent 9c9dda6625a2a90d2a06c657eee021d6be19842d

Reading a specially prepared small Plist file could cause OOM because the file's
read(n) preallocates a bytes object for reading the specified amount of
data. Now plistlib reads large data in chunks, therefore the upper limit of
consumed memory is proportional to the size of the input file.
(cherry picked from commit 694922cf40aa3a28f898b5f5ee08b71b4922df70)
Lib/plistlib.py
Lib/test/test_plistlib.py
Misc/NEWS.d/next/Security/2024-05-21-22-11-31.gh-issue-119342.BTFj4Z.rst [new file with mode: 0644]
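
The chunked-read idea from the commit message, shown as an added example that is not the code from this commit or from CPython. The names `read_naive`, `read_bounded` and `RecordingReader`, the 1 MiB chunk size and the length-prefixed record layout are assumptions made for illustration, and both inputs are constructed.

```python
import io
import struct

CHUNK = 1 << 20  # assumed chunk size for this example (1 MiB)

class RecordingReader(io.BytesIO):
    """In-memory stream that records the largest read(n) request it receives."""
    def __init__(self, data):
        super().__init__(data)
        self.largest_request = 0

    def read(self, n=-1):
        self.largest_request = max(self.largest_request, n)
        return super().read(n)

def read_naive(fp, size):
    # Trusts the declared size: a real file object may allocate `size` bytes up front.
    return fp.read(size)

def read_bounded(fp, size, chunk=CHUNK):
    # Never asks for more than `chunk` bytes at once, so memory grows only
    # as fast as data actually arrives from the input.
    if size < 0:
        raise ValueError("negative length")
    buf = bytearray()
    while len(buf) < size:
        data = fp.read(min(chunk, size - len(buf)))
        if not data:
            raise EOFError(f"declared {size} bytes, got {len(buf)}")
        buf += data
    return bytes(buf)

def parse_record(fp, reader):
    # Hypothetical record layout (not the plist format): 8-byte big-endian length, then payload.
    (size,) = struct.unpack(">Q", fp.read(8))
    return reader(fp, size)

def largest_request(raw, reader):
    """Largest single read(n) a reader issues while parsing `raw`."""
    fp = RecordingReader(raw)
    try:
        parse_record(fp, reader)
    except EOFError:
        pass  # truncated input is expected for the overstated sample
    return fp.largest_request

# Constructed inputs: 13 bytes each; the first declares a 1 TiB payload.
OVERSTATED = struct.pack(">Q", 1 << 40) + b"hello"
HONEST = struct.pack(">Q", 5) + b"hello"
```

`largest_request(OVERSTATED, read_naive)` reports the full declared 1 TiB request, while `read_bounded` never asks for more than `CHUNK` and rejects the truncated record with `EOFError`.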