git.ipfire.org Git - thirdparty/Python/cpython.git/commit
[3.13] gh-119342: Fix a potential denial of service in plistlib (GH-119343) (GH-142144)
author: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Mon, 1 Dec 2025 15:50:28 +0000 (16:50 +0100)
committer: GitHub <noreply@github.com>
Mon, 1 Dec 2025 15:50:28 +0000 (15:50 +0000)
commit: 71fa8eb8233b37f16c88b6e3e583b461b205d1ba
tree: deffb1f5a4ecde8c24fe343b5a22207ee44b5458
parent: 6c922bbe28f2cd901ffa749240f96449287771a6
[3.13] gh-119342: Fix a potential denial of service in plistlib (GH-119343) (GH-142144)

Reading a specially prepared small Plist file could cause OOM because the file's
read(n) preallocates a bytes object for reading the specified amount of
data. Now plistlib reads large data in chunks, therefore the upper limit of
consumed memory is proportional to the size of the input file.
(cherry picked from commit 694922cf40aa3a28f898b5f5ee08b71b4922df70)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Lib/plistlib.py
Lib/test/test_plistlib.py
Misc/NEWS.d/next/Security/2024-05-21-22-11-31.gh-issue-119342.BTFj4Z.rst [new file with mode: 0644]
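
The chunked-read idea from the commit message, as an added example that is not the CPython patch itself: a length taken from untrusted input is never handed to read() in one call, so a small file that declares a huge size fails at end of input instead of triggering a huge allocation. The names read_exact, RecordingFile and demo and the 1 MiB chunk size are assumptions of this sketch.

```python
import io

CHUNK = 1 << 20  # assumed per-call cap (1 MiB); not a value taken from plistlib


def read_exact(fp, n, chunk=CHUNK):
    """Read exactly n bytes from fp, requesting at most `chunk` bytes per call.

    Memory use grows only with the bytes that really exist in the input,
    not with the length the input claims to contain.
    """
    if n < 0:
        raise ValueError("negative length")
    parts = []
    remaining = n
    while remaining:
        data = fp.read(min(remaining, chunk))
        if not data:  # end of input before the declared length was reached
            raise EOFError(f"declared {n} bytes, only {n - remaining} present")
        parts.append(data)
        remaining -= len(data)
    return b"".join(parts)


class RecordingFile(io.BytesIO):
    """BytesIO that records the largest size ever requested from read()."""

    largest_request = 0

    def read(self, size=-1):
        self.largest_request = max(self.largest_request, size)
        return super().read(size)


def demo():
    # Constructed input: 16 real bytes behind a declared length of 2**40.
    fp = RecordingFile(b"A" * 16)
    try:
        read_exact(fp, 1 << 40)
    except EOFError:
        rejected = True
    else:
        rejected = False
    # The oversized length never reached read(); only CHUNK was requested.
    return rejected, fp.largest_request


if __name__ == "__main__":
    print(demo())
```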