git.ipfire.org Git - thirdparty/Python/cpython.git/commit
[3.14] gh-119342: Fix a potential denial of service in plistlib (GH-119343) (GH-142143)
author Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Mon, 1 Dec 2025 15:54:58 +0000 (16:54 +0100)
committer GitHub <noreply@github.com>
Mon, 1 Dec 2025 15:54:58 +0000 (15:54 +0000)
commit b64441e4852383645af5b435411a6f849dd1b4cb
tree 8b6a63e73457b7e6b15671debdb38e2927752870
parent 29c657a1f231c0908796e0c9ff6967e15ab20d9b
[3.14] gh-119342: Fix a potential denial of service in plistlib (GH-119343) (GH-142143)

Reading a specially prepared small Plist file could cause OOM because file's
read(n) preallocates a bytes object for reading the specified amount of
data. Now plistlib reads large data by chunks, therefore the upper limit of
consumed memory is proportional to the size of the input file.
(cherry picked from commit 694922cf40aa3a28f898b5f5ee08b71b4922df70)

Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Lib/plistlib.py
Lib/test/test_plistlib.py
Misc/NEWS.d/next/Security/2024-05-21-22-11-31.gh-issue-119342.BTFj4Z.rst [new file with mode: 0644]
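
The chunked-read pattern the commit message describes, as an added example; it is not the code from Lib/plistlib.py. The record format (8-byte big-endian length, then payload), the 1 MiB chunk size and all names are assumptions made for illustration.

```python
import io
import struct

CHUNK = 1 << 20  # assumed chunk size for this example (1 MiB)


class TruncatedInput(ValueError):
    """Declared length exceeds the data actually present."""


def read_exact_chunked(fp, n, chunk=CHUNK):
    """Read exactly n bytes, never requesting more than `chunk` at once."""
    if n < 0:
        raise ValueError("negative length")
    buf = bytearray()  # grows only as real data arrives
    while len(buf) < n:
        part = fp.read(min(chunk, n - len(buf)))
        if not part:  # EOF before the declared length was satisfied
            raise TruncatedInput(f"wanted {n} bytes, got {len(buf)}")
        buf += part
    return bytes(buf)


def read_record(fp, chunk=CHUNK):
    """Parse one constructed record: 8-byte big-endian length, then payload."""
    header = read_exact_chunked(fp, 8, chunk)
    (length,) = struct.unpack(">Q", header)
    return read_exact_chunked(fp, length, chunk)


class RecordingReader(io.BytesIO):
    """BytesIO that records the largest size passed to read()."""
    def __init__(self, data):
        super().__init__(data)
        self.max_request = 0

    def read(self, size=-1):
        self.max_request = max(self.max_request, size)
        return super().read(size)


def demo():
    # Constructed input: header claims 1 TiB, only 5 payload bytes follow.
    forged = struct.pack(">Q", 1 << 40) + b"hello"
    fp = RecordingReader(forged)
    try:
        read_record(fp)
    except TruncatedInput:
        return fp.max_request  # largest single read() the parser issued
```

With a plain `fp.read(length)` the forged header would turn into a single 1 TiB read request; here the largest request is one chunk, and the parser fails once the input runs out.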