Skip to content

gh-143241: Fix infinite loop in zoneinfo._common.load_data #143243

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
picnixz merged 10 commits into from
Dec 28, 2025
Merged

gh-143241: Fix infinite loop in zoneinfo._common.load_data #143243

picnixz merged 10 commits into from
Dec 28, 2025
+11 −5

Conversation

@fatihhcelik
Copy link
Contributor

@fatihhcelik fatihhcelik commented Dec 28, 2025
edited by bedevere-app bot
Loading

@bedevere-app
Copy link

bedevere-app bot commented Dec 28, 2025

Most changes to Python require a NEWS entry. Add one using the blurb_it web app or the blurb command-line tool.

If this change has little impact on Python users, wait for a maintainer to apply the skip news label instead.

@python-cla-bot
Copy link

python-cla-bot bot commented Dec 28, 2025
edited
Loading

All commit authors signed the Contributor License Agreement.

CLA signed

@bedevere-app bedevere-app bot mentioned this pull request Dec 28, 2025
Closed
@serhiy-storchaka serhiy-storchaka added needs backport to 3.13 bugs and security fixes needs backport to 3.14 bugs and security fixes labels Dec 28, 2025
serhiy-storchaka
serhiy-storchaka approved these changes Dec 28, 2025
View reviewed changes
Copy link
Member

@serhiy-storchaka serhiy-storchaka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. 👍

Please add a NEWS entry, users will be glad to know that that bug was fixed.

I would not call it a DoS.

@fatihhcelik fatihhcelik changed the title gh-143241: Fix infinite loop DoS in zoneinfo._common.load_data gh-143241: Fix infinite loop in zoneinfo._common.load_data Dec 28, 2025
picnixz
picnixz reviewed Dec 28, 2025
View reviewed changes
picnixz
picnixz reviewed Dec 28, 2025
View reviewed changes
picnixz
picnixz reviewed Dec 28, 2025
View reviewed changes
picnixz
picnixz reviewed Dec 28, 2025
View reviewed changes
@picnixz
Copy link
Member

picnixz commented Dec 28, 2025

I'm going to wait for the CI to be green and then I'll merge.

@picnixz picnixz merged commit 3ca1f2a into python:main Dec 28, 2025
46 checks passed
@miss-islington-app
Copy link

miss-islington-app bot commented Dec 28, 2025

Thanks @fatihhcelik for the PR, and @picnixz for merging it 🌮🎉.. I'm working now to backport this PR to: 3.13, 3.14.
🐍🍒⛏🤖

miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Dec 28, 2025
@fatihhcelik @blurb-it
@picnixz @miss-islington
pythongh-143241: Fix infinite loop in zoneinfo._common.load_data (p…
e8a6d16 
…ythonGH-143243)

Correctly reject truncated TZif files in `ZoneInfo.from_file`.

---------
(cherry picked from commit 3ca1f2a)

Co-authored-by: Fatih Çelik <[email protected]>
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
Co-authored-by: Bénédikt Tran <[email protected]>
miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Dec 28, 2025
@fatihhcelik @blurb-it
@picnixz @miss-islington
pythongh-143241: Fix infinite loop in zoneinfo._common.load_data (p…
cb295cc 
…ythonGH-143243)

Correctly reject truncated TZif files in `ZoneInfo.from_file`.

---------
(cherry picked from commit 3ca1f2a)

Co-authored-by: Fatih Çelik <[email protected]>
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
Co-authored-by: Bénédikt Tran <[email protected]>
@bedevere-app
Copy link

bedevere-app bot commented Dec 28, 2025

GH-143251 is a backport of this pull request to the 3.14 branch.

@bedevere-app bedevere-app bot removed the needs backport to 3.14 bugs and security fixes label Dec 28, 2025
@bedevere-app
Copy link

bedevere-app bot commented Dec 28, 2025

GH-143252 is a backport of this pull request to the 3.13 branch.

@bedevere-app bedevere-app bot removed the needs backport to 3.13 bugs and security fixes label Dec 28, 2025
picnixz added a commit that referenced this pull request Dec 28, 2025
@miss-islington @fatihhcelik
@blurb-it @picnixz
[3.13] gh-143241: Fix infinite loop in zoneinfo._common.load_data (G…
750c3ef 
…H-143243) (#143252)

gh-143241: Fix infinite loop in `zoneinfo._common.load_data` (GH-143243)

Correctly reject truncated TZif files in `ZoneInfo.from_file`.

---------
(cherry picked from commit 3ca1f2a)

Co-authored-by: Fatih Çelik <[email protected]>
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
Co-authored-by: Bénédikt Tran <[email protected]>
picnixz added a commit that referenced this pull request Dec 28, 2025
@miss-islington @fatihhcelik
@blurb-it @picnixz
[3.14] gh-143241: Fix infinite loop in zoneinfo._common.load_data (G…
4c3e211 
…H-143243) (#143251)

gh-143241: Fix infinite loop in `zoneinfo._common.load_data` (GH-143243)

Correctly reject truncated TZif files in `ZoneInfo.from_file`.

---------
(cherry picked from commit 3ca1f2a)

Co-authored-by: Fatih Çelik <[email protected]>
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
Co-authored-by: Bénédikt Tran <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@serhiy-storchaka serhiy-storchaka serhiy-storchaka approved these changes

@picnixz picnixz picnixz approved these changes

@pganssle pganssle Awaiting requested review from pganssle pganssle is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@fatihhcelik @picnixz @serhiy-storchaka