git.ipfire.org Git - thirdparty/Python/cpython.git/commit

[3.13] gh-145986: Avoid unbound C recursion in `conv_content_model` in `pyexpat.c` (CVE 2026-4224) (GH-145987) (#145996)

* gh-145986: Avoid unbound C recursion in `conv_content_model` in `pyexpat.c` (CVE 2026-4224) (GH-145987)

Fix C stack overflow (CVE-2026-4224) when an Expat parser
with a registered `ElementDeclHandler` parses inline DTD
containing deeply nested content model.

---------
(cherry picked from commit eb0e8be3a7e11b87d198a2c3af1ed0eccf532768)

Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
* Remvoe `skip_if_unlimited_stack_size` decorator

* Remove more decorators not on this branch

---------

Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>

author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
	Mon, 16 Mar 2026 09:09:27 +0000 (10:09 +0100)
committer	GitHub <noreply@github.com>
	Mon, 16 Mar 2026 09:09:27 +0000 (14:39 +0530)
commit	196edfb06a7458377d4d0f4b3cd41724c1f3bd4a
tree	08936d44e9d42460f4d005903fa633ba3d61c91c	tree \| snapshot
parent	1d6e037b624534ef60176ef5d34af26d69431df9	commit \| diff

Lib/test/test_pyexpat.py		diff \| blob \| blame \| history
Misc/NEWS.d/next/Security/2026-03-14-17-31-39.gh-issue-145986.ifSSr8.rst	[new file with mode: 0644]	blob
Modules/pyexpat.c		diff \| blob \| blame \| history