🌐 AI搜索 & 代理 主页
Google Git
Sign in
chromium / external / github.com / python / cpython / refs/heads/3.12
commit0e4cd897811651d896c5be9beec803b506131c7c[log] [tgz]
authorSebastian Pipping <sebastian@pipping.org>Wed Dec 17 14:58:59 2025
committerGitHub <noreply@github.com>Wed Dec 17 14:58:59 2025
tree7bbae7a77fb3e898577446ab7d678cdcd0a9efac
parentd849cf5fec76947865370a41baba8934c581cdb2 [diff]
[3.12] gh-90949: add Expat API to prevent XML deadly allocations (CVE-2025-59375) (GH-139234) (#139527)

* [3.12] gh-90949: add Expat API to prevent XML deadly allocations (CVE-2025-59375) (GH-139234)

Expose the XML Expat 2.7.2 mitigation APIs to disallow use of
disproportional amounts of dynamic memory from within an Expat
parser (see CVE-2025-59375 for instance).

The exposed APIs are available on Expat parsers, that is,
parsers created by `xml.parsers.expat.ParserCreate()`, as:

- `parser.SetAllocTrackerActivationThreshold(threshold)`, and
- `parser.SetAllocTrackerMaximumAmplification(max_factor)`.

(cherry picked from commit f04bea44c37793561d753dd4ca6e7cd658137553)
(cherry picked from commit 68a1778b7721f3fb853cd3aa674f7039c2a4df36)
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
7 files changed
tree: 7bbae7a77fb3e898577446ab7d678cdcd0a9efac
  1. .azure-pipelines/
  2. .devcontainer/
  3. .github/
  4. Doc/
  5. Grammar/
  6. Include/
  7. InternalDocs/
  8. Lib/
  9. Mac/
  10. Misc/
  11. Modules/
  12. Objects/
  13. Parser/
  14. PC/
  15. PCbuild/
  16. Programs/
  17. Python/
  18. Tools/
  19. .editorconfig
  20. .gitattributes
  21. .gitignore
  22. .mailmap
  23. .pre-commit-config.yaml
  24. .readthedocs.yml
  25. aclocal.m4
  26. config.guess
  27. config.sub
  28. configure
  29. configure.ac
  30. install-sh
  31. LICENSE
  32. Makefile.pre.in
  33. pyconfig.h.in
  34. README.rst