Skip to content

gh-144475: Fix a heap buffer overflow in partial_repr#144571

Closed
brijkapadia wants to merge 231 commits intopython:mainfrom
brijkapadia:fix-functools_partial_repr_bug
Closed

gh-144475: Fix a heap buffer overflow in partial_repr#144571
brijkapadia wants to merge 231 commits intopython:mainfrom
brijkapadia:fix-functools_partial_repr_bug

Conversation

@brijkapadia
Copy link
Copy Markdown
Contributor

@brijkapadia brijkapadia commented Feb 7, 2026
edited by bedevere-app bot
Loading

@python-cla-bot
Copy link
Copy Markdown

python-cla-bot bot commented Feb 7, 2026
edited
Loading

The following commit authors need to sign the Contributor License Agreement:

CLA not signed

@bedevere-app bedevere-app bot mentioned this pull request Feb 7, 2026
Open
@bedevere-app
Copy link
Copy Markdown

bedevere-app bot commented Feb 7, 2026

Most changes to Python require a NEWS entry. Add one using the blurb_it web app or the blurb command-line tool.

If this change has little impact on Python users, wait for a maintainer to apply the skip news label instead.

@picnixz
Copy link
Copy Markdown
Member

picnixz commented Feb 7, 2026
edited
Loading

Please:

  • add regression tests and check that the test failed before your change
  • remove blank lines in NEWS

picnixz
picnixz reviewed Feb 7, 2026
View reviewed changes
picnixz
picnixz reviewed Feb 7, 2026
View reviewed changes
@picnixz
Copy link
Copy Markdown
Member

picnixz commented Feb 7, 2026
edited
Loading

By the way, @dr-carlos already suggested to open a PR. It is polite to ask them if they want to contribute themselves. As such, I'm going to close this one unless they are fine with you making the PR (we don't really want people "sniping" work of others)

@brijkapadia
Copy link
Copy Markdown
Contributor Author

brijkapadia commented Feb 7, 2026

Thanks for the feedback. I missed that @dr-carlos suggested to fix it.

I’m happy to close this PR if @dr-carlos is already working on it.

@brijkapadia @picnixz
Apply suggestion from @picnixz
e53d7e9 
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
@dr-carlos
Copy link
Copy Markdown
Contributor

dr-carlos commented Feb 7, 2026

Thanks for the feedback. I missed that @dr-carlos suggested to fix it.

I’m happy to close this PR if @dr-carlos is already working on it.

Hi, thanks for asking!
I'm happy for you to continue with the PR :)

dr-carlos
dr-carlos reviewed Feb 7, 2026
View reviewed changes
@brijkapadia
Copy link
Copy Markdown
Contributor Author

brijkapadia commented Feb 8, 2026
edited
Loading

Here are the changes I made:

  • I added a kw local pointer, as a similar segfault happens for keywords
  • I added an fn local pointer so that repr uses its original state when generating its final representation.
  • I got rid of the error goto and merged it with the done goto as I needed to decrement the reference count of fn, args, and kw, and I found that decrementing them in the done goto was the easiest.
    Update: I changed the goto logic to reduce repetitive calls to Py_DECREF
  • I added a test based on @Qanux's original code in issue heap-buffer-overflow in functools.partial.__repr__() #144475. I extended it to also check for changes in the fn and kw arguments.

serhiy-storchaka and others added 23 commits February 28, 2026 08:31
@serhiy-storchaka @brijkapadia
pythongh-145202: Fix crash in unicodedata's GraphemeBreakIterator and…
3032154 
… Segment (pythonGH-145216)

Remove the tp_clear slots and make Segment members read-only.

Also add tests for reference loops involving GraphemeBreakIterator
and Segment.
@adorilson @brijkapadia
pythongh-106318: Add examples for str.rjust() method (python#143890)
7e3e3c7
@iamrajhans @brijkapadia
pythongh-144190: Clarify get_type_hints() instance behavior in docs (p…
9577f19 
…ython#144831)
@eendebakpt @brijkapadia
pythongh-141510: Update PyDict_Copy documentation with note on `fro…
50beac6 
…zendict` (pythonGH-145249)
@taegyunkim @brijkapadia
pythongh-144316: Fix missing exception in _remote_debugging with debu…
b9b2499 
…g=False (python#144442)
@skirpichev @brijkapadia
pythongh-141510: support frozendict's in the C decimal module (python…
0c4d940 
…gh-145165)
@AdamKorcz @brijkapadia
pythongh-144872: fix heap buffer overflow _PyTokenizer_ensure_utf8 (p…
18910cc 
…ython#144807)
@abdoulrasheed @brijkapadia
pythongh-142787: Handle empty sqlite3 blob slices (python#142824)
26a469c
@serhiy-storchaka @brijkapadia
Fix unlikely potential reference leak in _locale._getdefaultlocale (p…
03ab030 
…ythonGH-145250)

It occurs in a code which perhaps never executed.
@mokurin000 @brijkapadia
pythongh-123853: Cleanup Windows 95 locale fallback support (python#1…
6bedc25 
…44738)

Closes python#123853
@pablogsal @brijkapadia
pythongh-145234: Normalize decoded CR in string tokenizer (python#145281
aca1c73 
)
@ZeroIntensity @brijkapadia
pythongh-141004: Document missing type flags (pythonGH-145127)
2ccbe65
@taegyunkim @sergey-miryanov
@ZeroIntensity @brijkapadia
pythongh-144693: Clarify that PyFrame_GetBack does not raise except…
b1ae874 
…ions (pythonGH-144824)

Co-authored-by: Sergey Miryanov <sergey.miryanov@gmail.com>
Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
@VanshAgarwal24036 @brijkapadia
pythongh-145142: Make str.maketrans safe under free-threading (python…
bbcb932 
…gh-145157)
@indoor47 @brijkapadia
pythongh-145305: Update ocert.org URLs in docs from http to https (py…
46a35ea 
…thon#145304)

Co-authored-by: Adam (indoor47) <adamai@agentmail.to>
@StanFromIreland @hugovk @brijkapadia
pythongh-76007: Deprecate tarfile.version (python#145326)
a1ecfd1 
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
@colesbury @brijkapadia
pythongh-145230: Update lockbench (pythongh-145231)
07be84d 
Remove PyThread_type_lock (now uses PyMutex internally).

Add new benchmark options:
- work_inside/work_outside: control work inside and outside the critical section to vary contention levels
- num_locks: use multiple independent locks with threads assigned round-robin
- total_iters: fixed iteration count per thread instead of time-based, useful for measuring fairness
- num_acquisitions: lock acquisitions per loop iteration
- random_locks: acquire random lock each iteration

Also return elapsed time from benchmark_locks() and switch lockbench.py to use argparse.
@savannahostrowski @brijkapadia
pythonGH-144533: Use wasmtime's --argv0 to auto-discover sysconfig in…
4560c85 
… WASI builds (python#145328)
@johnslavik @brijkapadia
pythongh-145334: Make lazy import tests discoverable (python#145336)
2958b3c
@hugovk @brijkapadia
pythongh-142927: Tachyon: Fix singular and plurals (python#145329)
e916488
@pablogsal @johnslavik @brijkapadia
pythongh-145241: specialize SyntaxError for single trailing-comma wit…
0d13a6e 
…h item (python#145282)

Co-authored-by: Bartosz Sławecki <bartosz@ilikepython.com>
@ngoldbaum @eendebakpt @brijkapadia
pythongh-145269: simplify bisect.bisect doc example (python#145270)
b17b37c 
Co-authored-by: Pieter Eendebak <pieter.eendebak@gmail.com>

---------

Co-authored-by: Pieter Eendebak <pieter.eendebak@gmail.com>
@StanFromIreland @brijkapadia
Add Stan to 'Dates and times' reviewers (python#145360)
8795fa5
@brijkapadia brijkapadia deleted the fix-functools_partial_repr_bug branch February 28, 2026 13:41
@hugovk hugovk removed request for a team, berkerpeksag and freakboy3742 February 28, 2026 14:02
@brijkapadia brijkapadia mentioned this pull request Feb 28, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@serhiy-storchaka serhiy-storchaka serhiy-storchaka left review comments

@picnixz picnixz picnixz left review comments

+2 more reviewers

@caje731 caje731 caje731 left review comments

@dr-carlos dr-carlos dr-carlos left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

awaiting review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.