Skip to content

gh-145883: Fix two heap-buffer-overflows in _zoneinfo#145885

Open
StanFromIreland wants to merge 7 commits intopython:mainfrom
StanFromIreland:zoneinfo-overflows
Open

gh-145883: Fix two heap-buffer-overflows in _zoneinfo#145885
StanFromIreland wants to merge 7 commits intopython:mainfrom
StanFromIreland:zoneinfo-overflows

Conversation

@StanFromIreland
Copy link
Copy Markdown
Member

@StanFromIreland StanFromIreland commented Mar 12, 2026
edited by bedevere-app bot
Loading

@bedevere-app bedevere-app bot mentioned this pull request Mar 12, 2026
Open
pganssle
pganssle requested changes Mar 16, 2026
View reviewed changes
@bedevere-app
Copy link
Copy Markdown

bedevere-app bot commented Mar 16, 2026

A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated.

Once you have made the requested changes, please leave a comment on this pull request containing the phrase I have made the requested changes; please review again. I will then notify any core developers who have left a review that you're ready for them to take another look at this pull request.

serhiy-storchaka
serhiy-storchaka reviewed Mar 16, 2026
View reviewed changes
@StanFromIreland
Copy link
Copy Markdown
Member Author

StanFromIreland commented Mar 16, 2026

I have made the requested changes; please review again

@bedevere-app
Copy link
Copy Markdown

bedevere-app bot commented Mar 16, 2026

Thanks for making the requested changes!

@encukou, @pganssle: please review the changes made to this pull request.

@bedevere-app bedevere-app bot requested review from encukou and pganssle March 16, 2026 15:59
serhiy-storchaka
serhiy-storchaka reviewed Mar 16, 2026
View reviewed changes
serhiy-storchaka
serhiy-storchaka approved these changes Mar 31, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@serhiy-storchaka serhiy-storchaka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. 👍

I only have questions about some auxiliary files.

Tools/build/compute-changes.py
Comment on lines +101 to +103
# zoneinfo
Path("Lib/zoneinfo/"),
Path("Modules/_zoneinfo.c"),
Copy link
Copy Markdown
Member

@serhiy-storchaka serhiy-storchaka Mar 31, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is it about? How is this list use and why these additions are necessary?

Copy link
Copy Markdown
Member Author

@StanFromIreland StanFromIreland Mar 31, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the list of files that triggers CIFuzz, we started fuzzing zoneinfo (which found one of the two bugs the following day) in python/library-fuzzers@eb273d5. It's not related to the issue, but it's so small I think including it here is fine.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@serhiy-storchaka serhiy-storchaka serhiy-storchaka approved these changes

@sethmlarson sethmlarson Awaiting requested review from sethmlarson

@AA-Turner AA-Turner Awaiting requested review from AA-Turner AA-Turner is a code owner

@hugovk hugovk Awaiting requested review from hugovk hugovk is a code owner

@webknjaz webknjaz Awaiting requested review from webknjaz webknjaz is a code owner

@encukou encukou Awaiting requested review from encukou

@pganssle pganssle Awaiting requested review from pganssle pganssle is a code owner

Assignees

No one assigned

Labels

awaiting merge

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@StanFromIreland @encukou @pganssle @serhiy-storchaka