mirror of
https://github.com/python/cpython.git
synced 2026-01-27 05:05:50 +00:00
bf2865f80f
* [3.14] gh-90949: add Expat API to prevent XML deadly allocations (CVE-2025-59375) (GH-139234) Expose the XML Expat 2.7.2 mitigation APIs to disallow use of disproportional amounts of dynamic memory from within an Expat parser (see CVE-2025-59375 for instance). The exposed APIs are available on Expat parsers, that is, parsers created by `xml.parsers.expat.ParserCreate()`, as: - `parser.SetAllocTrackerActivationThreshold(threshold)`, and - `parser.SetAllocTrackerMaximumAmplification(max_factor)`. (cherry picked from commit f04bea44c37793561d753dd4ca6e7cd658137553) (cherry picked from commit 68a1778b7721f3fb853cd3aa674f7039c2a4df36)