]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit
projects / thirdparty / Python / cpython.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0557a1f) | patch
[3.11] gh-119342: Fix a potential denial of service in plistlib (GH-119343) (#142150)
authorSerhiy Storchaka <storchaka@gmail.com>
Mon, 2 Mar 2026 22:55:04 +0000 (00:55 +0200)
committerGitHub <noreply@github.com>
Mon, 2 Mar 2026 22:55:04 +0000 (22:55 +0000)
commitcefee7d118a26ef6cd43db59bb9d98ca9a331111
tree58890b2c97969b53a2ec353c497c8a8d091d54a4tree | snapshot
parent0557a1fcbdffc3056b5ee4ab63dd7e0b3ca2d036commit | diff
[3.11] gh-119342: Fix a potential denial of service in plistlib (GH-119343) (#142150)

Reading a specially prepared small Plist file could cause OOM because file's
read(n) preallocates a bytes object for reading the specified amount of
data. Now plistlib reads large data by chunks, therefore the upper limit of
consumed memory is proportional to the size of the input file.
(cherry picked from commit 694922cf40aa3a28f898b5f5ee08b71b4922df70)
Lib/plistlib.py diff | blob | blame | history
Lib/test/test_plistlib.py diff | blob | blame | history
Misc/NEWS.d/next/Security/2024-05-21-22-11-31.gh-issue-119342.BTFj4Z.rst [new file with mode: 0644] blob
Mirror of https://github.com/python/cpython.git