From ad7690af01bef3bfc7903c862c91bbc2a0994142 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Hrn=C4=8Diar?=
Date: Tue, 16 Dec 2025 13:36:39 +0100
Subject: [PATCH] Update to 3.2.4 - Fixes: rhbz#2427014
---
 ...er-deallocation-in-double-conversion.patch | 79 +++++++++++++++++++
 python3.14-Cython.spec | 12 ++-
 sources | 2 +-
 3 files changed, 91 insertions(+), 2 deletions(-)
 create mode 100644 Fix-pointer-use-after-buffer-deallocation-in-double-conversion.patch
diff --git a/Fix-pointer-use-after-buffer-deallocation-in-double-conversion.patch b/Fix-pointer-use-after-buffer-deallocation-in-double-conversion.patch
new file mode 100644
index 0000000..707ec35
--- /dev/null
+++ b/Fix-pointer-use-after-buffer-deallocation-in-double-conversion.patch
@@ -0,0 +1,79 @@
+From b4561e8002c453f682e73fb235beb47aa59917ea Mon Sep 17 00:00:00 2001
+From: stratakis
+Date: Mon, 19 Jan 2026 14:11:04 +0100
+Subject: [PATCH] Fix pointer use after buffer deallocation in double
+ conversion
+
+---
+ Cython/Utility/Optimize.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/Cython/Utility/Optimize.c b/Cython/Utility/Optimize.c
+index b731f74..5fea865 100644
+--- a/Cython/Utility/Optimize.c
++++ b/Cython/Utility/Optimize.c
+@@ -787,6 +787,7 @@ static double __Pyx_PyUnicode_AsDouble_WithSpaces(PyObject *obj) {
+ double value;
+ const char *last;
+ char *end;
++ int valid_parse;
+ Py_ssize_t start, length = PyUnicode_GET_LENGTH(obj);
+ const int kind = PyUnicode_KIND(obj);
+ const void* data = PyUnicode_DATA(obj);
+@@ -810,6 +811,7 @@ static double __Pyx_PyUnicode_AsDouble_WithSpaces(PyObject *obj) {
+ last = __Pyx__PyUnicode_AsDouble_Copy(data, kind, number, start, start + length);
+ if (unlikely(!last)) goto fallback;
+ value = PyOS_string_to_double(number, &end, NULL);
++ valid_parse = (end == last);
+ } else {
+ char *number = (char*) PyMem_Malloc((length + 1) * sizeof(char));
+ if (unlikely(!number)) goto fallback;
+@@ -819,9 +821,10 @@ static double __Pyx_PyUnicode_AsDouble_WithSpaces(PyObject *obj) {
+ goto fallback;
+ }
+ value = PyOS_string_to_double(number, &end, NULL);
++ valid_parse = (end == last);
+ PyMem_Free(number);
+ }
+- if (likely(end == last) || (value == (double)-1 && PyErr_Occurred())) {
++ if (likely(valid_parse) || (value == (double)-1 && PyErr_Occurred())) {
+ return value;
+ }
+ fallback:
+@@ -967,6 +970,7 @@ CYTHON_UNUSED static double __Pyx__PyBytes_AsDouble(PyObject *obj, const char* s
+ Py_ssize_t i, digits;
+ const char *last = start + length;
+ char *end;
++ int valid_parse;
+ 
+ // strip spaces at start and end
+ while (__Pyx__PyBytes_AsDouble_IsSpace(*start))
+@@ -987,11 +991,13 @@ CYTHON_UNUSED static double __Pyx__PyBytes_AsDouble(PyObject *obj, const char* s
+ 
+ if (likely(digits == length)) {
+ value = PyOS_string_to_double(start, &end, NULL);
++ valid_parse = (end == last);
+ } else if (digits < 40) {
+ char number[40];
+ last = __Pyx__PyBytes_AsDouble_Copy(start, number, length);
+ if (unlikely(!last)) goto fallback;
+ value = PyOS_string_to_double(number, &end, NULL);
++ valid_parse = (end == last);
+ } else {
+ char *number = (char*) PyMem_Malloc((digits + 1) * sizeof(char));
+ if (unlikely(!number)) goto fallback;
+@@ -1001,9 +1007,10 @@ CYTHON_UNUSED static double __Pyx__PyBytes_AsDouble(PyObject *obj, const char* s
+ goto fallback;
+ }
+ value = PyOS_string_to_double(number, &end, NULL);
++ valid_parse = (end == last);
+ PyMem_Free(number);
+ }
+- if (likely(end == last) || (value == (double)-1 && PyErr_Occurred())) {
++ if (likely(valid_parse) || (value == (double)-1 && PyErr_Occurred())) {
+ return value;
+ }
+ fallback:
+-- 
+2.52.0
+
diff --git a/python3.14-Cython.spec b/python3.14-Cython.spec
index ee1f899..9372e0e 100644
--- a/python3.14-Cython.spec
+++ b/python3.14-Cython.spec
@@ -7,7 +7,7 @@
 %bcond cython_compile 1
 Name: python%{python3_pkgversion}-Cython
-Version: 3.2.1
+Version: 3.2.4
 Release: %autorelease
 Summary: Language for writing Python extension modules
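Review bot: The added `valid_parse = (end == last);` lines in the heap branches of `__Pyx_PyUnicode_AsDouble_WithSpaces` and `__Pyx__PyBytes_AsDouble` must stay above `PyMem_Free(number)`, yet nothing in the patched code says so, which leaves the fix open to being undone by a later tidy-up. A short comment at each site would pin the constraint, for example `/* compare before 'number' is released: 'end' (and presumably 'last') point into it */`; the `char number[40]` branches have the same constraint because the array's lifetime ends with its block. `valid_parse` is also declared without an initializer; every visible path to the final `if` assigns it, but `int valid_parse = 0;` would keep a future branch from reading an indeterminate value. Both functions begin and end outside the hunks, so the code after `fallback:` was not checked for further uses of `end` or `last`.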
@@ -15,6 +15,16 @@ License: Apache-2.0
 URL: http://www.cython.org
 Source: https://github.com/cython/cython/archive/%{version}/Cython-%{version}.tar.gz
+# Fix pointer use after buffer deallocation in double conversion (GH-7465)
+# The __Pyx_PyUnicode_AsDouble_WithSpaces() and __Pyx__PyBytes_AsDouble()
+# functions compared pointers after freeing/exiting the buffer they pointed into.
+# This triggered static analyzer warnings and could be misoptimized by compilers.
+#
+# Save the comparison result before buffer deallocation to ensure pointer
+# operations only occur while memory is valid.
+# Upstream commit: https://github.com/cython/cython/commit/11e94c7
+Patch: Fix-pointer-use-after-buffer-deallocation-in-double-conversion.patch
+
 BuildRequires: python%{python3_pkgversion}-devel
 %if %{with tests}
diff --git a/sources b/sources
index 86818f4..eca0943 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (Cython-3.2.1.tar.gz) = 78556141f3683d0ba2145ded3f475880d7f4e0a41929ba43a3904609da15332de6ef675d62348ce649a8498cc245a6e11c60123eb524e75994eb29a3587d42a8
+SHA512 (Cython-3.2.4.tar.gz) = 5ab8e39739a79debbe89b2ff5b6d88e1b7aafd5ad34460f14f3fc2bd90c10bdc9d6aa5b5844a48e30402dde9790cb9abcba3dc2b4e8cde24c4eeee818a180099
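Review bot: The provenance comment above the new `Patch:` line names the upstream fix only by the seven-character abbreviation `11e94c7`, while the patch file added in this same commit carries a different hash and author in its own header (`b4561e8002c4…`, stratakis), so the carried file appears to be a regenerated backport rather than the upstream commit verbatim. Recording the full upstream hash and stating that it is a backport, e.g. `# Backport of upstream commit <full-upstream-sha> (GH-7465)`, would let a later reviewer diff the carried patch against its origin without guessing. The `%prep` section lies outside this hunk, so whether the new `Patch:` is actually applied during the build (for instance through `%autosetup -p1`) could not be confirmed from here.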