Update to 3.2.4

- Fixes: rhbz#2427014
2025-12-16 13:36:39 +01:00 · 2025-12-16 13:36:39 +01:00 · ad7690af01
commit ad7690af01
parent 925fc513b4
3 changed files with 91 additions and 2 deletions
--- a/Fix-pointer-use-after-buffer-deallocation-in-double-conversion.patch
+++ b/Fix-pointer-use-after-buffer-deallocation-in-double-conversion.patch
@ -0,0 +1,79 @@
+From b4561e8002c453f682e73fb235beb47aa59917ea Mon Sep 17 00:00:00 2001
+From: stratakis <cstratak@redhat.com>
+Date: Mon, 19 Jan 2026 14:11:04 +0100
+Subject: [PATCH] Fix pointer use after buffer deallocation in double
+ conversion
+
+---
+ Cython/Utility/Optimize.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/Cython/Utility/Optimize.c b/Cython/Utility/Optimize.c
+index b731f74..5fea865 100644
+--- a/Cython/Utility/Optimize.c
+++ b/Cython/Utility/Optimize.c
+@@ -787,6 +787,7 @@ static double __Pyx_PyUnicode_AsDouble_WithSpaces(PyObject *obj) {
+     double value;
+     const char *last;
+     char *end;
+    int valid_parse;
+     Py_ssize_t start, length = PyUnicode_GET_LENGTH(obj);
+     const int kind = PyUnicode_KIND(obj);
+     const void* data = PyUnicode_DATA(obj);
+@@ -810,6 +811,7 @@ static double __Pyx_PyUnicode_AsDouble_WithSpaces(PyObject *obj) {
+         last = __Pyx__PyUnicode_AsDouble_Copy(data, kind, number, start, start + length);
+         if (unlikely(!last)) goto fallback;
+         value = PyOS_string_to_double(number, &end, NULL);
+        valid_parse = (end == last);
+     } else {
+         char *number = (char*) PyMem_Malloc((length + 1) * sizeof(char));
+         if (unlikely(!number)) goto fallback;
+@@ -819,9 +821,10 @@ static double __Pyx_PyUnicode_AsDouble_WithSpaces(PyObject *obj) {
+             goto fallback;
+         }
+         value = PyOS_string_to_double(number, &end, NULL);
+        valid_parse = (end == last);
+         PyMem_Free(number);
+     }
+-    if (likely(end == last) || (value == (double)-1 && PyErr_Occurred())) {
+    if (likely(valid_parse) || (value == (double)-1 && PyErr_Occurred())) {
+         return value;
+     }
+ fallback:
+@@ -967,6 +970,7 @@ CYTHON_UNUSED static double __Pyx__PyBytes_AsDouble(PyObject *obj, const char* s
+     Py_ssize_t i, digits;
+     const char *last = start + length;
+     char *end;
+    int valid_parse;
+ 
+     // strip spaces at start and end
+     while (__Pyx__PyBytes_AsDouble_IsSpace(*start))
+@@ -987,11 +991,13 @@ CYTHON_UNUSED static double __Pyx__PyBytes_AsDouble(PyObject *obj, const char* s
+ 
+     if (likely(digits == length)) {
+         value = PyOS_string_to_double(start, &end, NULL);
+        valid_parse = (end == last);
+     } else if (digits < 40) {
+         char number[40];
+         last = __Pyx__PyBytes_AsDouble_Copy(start, number, length);
+         if (unlikely(!last)) goto fallback;
+         value = PyOS_string_to_double(number, &end, NULL);
+        valid_parse = (end == last);
+     } else {
+         char *number = (char*) PyMem_Malloc((digits + 1) * sizeof(char));
+         if (unlikely(!number)) goto fallback;
+@@ -1001,9 +1007,10 @@ CYTHON_UNUSED static double __Pyx__PyBytes_AsDouble(PyObject *obj, const char* s
+             goto fallback;
+         }
+         value = PyOS_string_to_double(number, &end, NULL);
+        valid_parse = (end == last);
+         PyMem_Free(number);
+     }
+-    if (likely(end == last) || (value == (double)-1 && PyErr_Occurred())) {
+    if (likely(valid_parse) || (value == (double)-1 && PyErr_Occurred())) {
+         return value;
+     }
+ fallback:
+-- 
+2.52.0
+
--- a/python3.14-Cython.spec
+++ b/python3.14-Cython.spec
@ -7,7 +7,7 @@
 %bcond cython_compile 1

 Name:           python%{python3_pkgversion}-Cython
-Version:        3.2.1
+Version:        3.2.4
 Release:        %autorelease
 Summary:        Language for writing Python extension modules

@ -15,6 +15,16 @@ License:        Apache-2.0
 URL:            http://www.cython.org
 Source:         https://github.com/cython/cython/archive/%{version}/Cython-%{version}.tar.gz

+# Fix pointer use after buffer deallocation in double conversion (GH-7465)
+# The __Pyx_PyUnicode_AsDouble_WithSpaces() and __Pyx__PyBytes_AsDouble()
+# functions compared pointers after freeing/exiting the buffer they pointed into.
+# This triggered static analyzer warnings and could be misoptimized by compilers.
+#
+# Save the comparison result before buffer deallocation to ensure pointer
+# operations only occur while memory is valid.
+# Upstream commit: https://github.com/cython/cython/commit/11e94c7
+Patch:          Fix-pointer-use-after-buffer-deallocation-in-double-conversion.patch
+
 BuildRequires:  python%{python3_pkgversion}-devel

 %if %{with tests}
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (Cython-3.2.1.tar.gz) = 78556141f3683d0ba2145ded3f475880d7f4e0a41929ba43a3904609da15332de6ef675d62348ce649a8498cc245a6e11c60123eb524e75994eb29a3587d42a8
+SHA512 (Cython-3.2.4.tar.gz) = 5ab8e39739a79debbe89b2ff5b6d88e1b7aafd5ad34460f14f3fc2bd90c10bdc9d6aa5b5844a48e30402dde9790cb9abcba3dc2b4e8cde24c4eeee818a180099