GH-137759: Limit _PyObject_HashFast to dict keys

Author: JasonMendoza2008

.github/SECURITY.md

@@ -1,7 +1,7 @@
 # Security Policy
 
 Python [provides a security policy and threat model](https://devguide.python.org/security/policy/)
-in the Python Developer's Guide documenting what bugs are vulnerabilities,
+in the Python Development Guide documenting what bugs are vulnerabilities,
 how to structure reports, and what versions of Python accept reports.
 
 Python Security Response Team (PSRT) members

.github/workflows/build.yml

@@ -278,13 +278,14 @@ jobs:
           # unsupported as it most resembles other 1.1.1-work-a-like ssl APIs
           # supported by important vendors such as AWS-LC.
           - { name: openssl, version: 1.1.1w }
-          - { name: openssl, version: 3.0.21 }
-          - { name: openssl, version: 3.4.6 }
-          - { name: openssl, version: 3.5.7 }
-          - { name: openssl, version: 3.6.3 }
-          - { name: openssl, version: 4.0.1 }
+          - { name: openssl, version: 3.0.20 }
+          - { name: openssl, version: 3.3.7 }
+          - { name: openssl, version: 3.4.5 }
+          - { name: openssl, version: 3.5.6 }
+          - { name: openssl, version: 3.6.2 }
+          - { name: openssl, version: 4.0.0 }
           ## AWS-LC
-          - { name: aws-lc, version: 5.0.0 }
+          - { name: aws-lc, version: 1.72.1 }
     env:
       SSLLIB_VER: ${{ matrix.ssllib.version }}
       MULTISSL_DIR: ${{ github.workspace }}/multissl
@@ -398,7 +399,7 @@ jobs:
     needs: build-context
     if: needs.build-context.outputs.run-ubuntu == 'true'
     env:
-      OPENSSL_VER: 3.5.7
+      OPENSSL_VER: 3.5.6
       PYTHONSTRICTEXTENSIONBUILD: 1
     steps:
     - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
@@ -506,7 +507,7 @@ jobs:
       matrix:
         os: [ubuntu-24.04]
     env:
-      OPENSSL_VER: 3.5.7
+      OPENSSL_VER: 3.5.6
       PYTHONSTRICTEXTENSIONBUILD: 1
       ASAN_OPTIONS: detect_leaks=0:allocator_may_return_null=1:handle_segv=0
     steps:

.github/workflows/reusable-san.yml

@@ -82,16 +82,19 @@ jobs:
       run: make -j4
     - name: Display build info
       run: make pythoninfo
+    # test_{capi,faulthandler} are skipped under UBSan because
+    # they raise signals that UBSan with halt_on_error=1 intercepts.
     - name: Tests
       run: >-
         ./python -m test
         ${{ inputs.sanitizer == 'TSan' && '--tsan' || '' }}
-        -j4 -W
+        ${{ inputs.sanitizer == 'UBSan' && '-x test_capi -x test_faulthandler' || '' }}
+        -j4
     - name: Parallel tests
       if: >-
         inputs.sanitizer == 'TSan'
         && fromJSON(inputs.free-threading)
-      run: ./python -m test --tsan-parallel --parallel-threads=4 -j4 -W
+      run: ./python -m test --tsan-parallel --parallel-threads=4 -j4
     - name: Display logs
       if: always()
       run: find "${GITHUB_WORKSPACE}" -name 'san_log.*' | xargs head -n 1000

.github/workflows/reusable-ubuntu.yml

@@ -35,7 +35,7 @@ jobs:
     runs-on: ${{ inputs.os }}
     timeout-minutes: 60
     env:
-      OPENSSL_VER: 3.5.7
+      OPENSSL_VER: 3.5.6
       PYTHONSTRICTEXTENSIONBUILD: 1
       TERM: linux
     steps:

Doc/Makefile

@@ -88,9 +88,9 @@ htmlhelp: build
 	      "build/htmlhelp/pydoc.hhp project file."
 
 .PHONY: latex
-latex: BUILDER = latex
 latex: _ensure-sphinxcontrib-svg2pdfconverter
-	$(MAKE) build BUILDER=$(BUILDER)
+latex: BUILDER = latex
+latex: build
 	@echo "Build finished; the LaTeX files are in build/latex."
 	@echo "Run \`make all-pdf' or \`make all-ps' in that directory to" \
 	      "run these through (pdf)latex."

Doc/c-api/coro.rst

@@ -33,9 +33,3 @@ return.
    with ``__name__`` and ``__qualname__`` set to *name* and *qualname*.
    A reference to *frame* is stolen by this function.  The *frame* argument
    must not be ``NULL``.
-
-   .. deprecated-removed:: 3.16 3.18
-
-      This function has not been used since 3.10.
-      It is also impossible to construct a proper *frame*
-      object to call this function.

Doc/c-api/gen.rst

@@ -38,25 +38,13 @@ than explicitly calling :c:func:`PyGen_New` or :c:func:`PyGen_NewWithQualName`.
    A reference to *frame* is stolen by this function. The argument must not be
    ``NULL``.
 
-   .. deprecated-removed:: 3.16 3.18
-
-      This function has not been used since 3.10.
-      It is also impossible to construct a proper *frame*
-      object to call this function.
-
 .. c:function:: PyObject* PyGen_NewWithQualName(PyFrameObject *frame, PyObject *name, PyObject *qualname)
 
    Create and return a new generator object based on the *frame* object,
    with ``__name__`` and ``__qualname__`` set to *name* and *qualname*.
    A reference to *frame* is stolen by this function.  The *frame* argument
    must not be ``NULL``.
 
-   .. deprecated-removed:: 3.16 3.18
-
-      This function has not been used since 3.10.
-      It is also impossible to construct a proper *frame*
-      object to call this function.
-
 
 .. c:function:: PyCodeObject* PyGen_GetCode(PyGenObject *gen)
 
@@ -89,12 +77,6 @@ Asynchronous Generator Objects
 
    .. versionadded:: 3.6
 
-   .. deprecated-removed:: 3.16 3.18
-
-      This function has not been used since 3.10.
-      It is also impossible to construct a proper *frame*
-      object to call this function.
-
 .. c:function:: int PyAsyncGen_CheckExact(PyObject *op)
 
    Return true if *op* is an asynchronous generator object, false otherwise.

Doc/c-api/memory.rst

@@ -77,7 +77,7 @@ memory footprint as a whole. Consequently, under certain circumstances, the
 Python memory manager may or may not trigger appropriate actions, like garbage
 collection, memory compaction or other preventive procedures. Note that by using
 the C library allocator as shown in the previous example, the allocated memory
-for the I/O buffer completely escapes the Python memory manager.
+for the I/O buffer escapes completely the Python memory manager.
 
 .. seealso::
 
@@ -157,7 +157,7 @@ zero bytes.
 
 .. c:function:: void* PyMem_RawCalloc(size_t nelem, size_t elsize)
 
-   Allocates *nelem* elements each of size *elsize* bytes and returns
+   Allocates *nelem* elements each whose size in bytes is *elsize* and returns
    a pointer of type :c:expr:`void*` to the allocated memory, or ``NULL`` if the
    request fails. The memory is initialized to zeros.
 
@@ -235,7 +235,7 @@ In the GIL-enabled build (default build) the
 
 .. c:function:: void* PyMem_Calloc(size_t nelem, size_t elsize)
 
-   Allocates *nelem* elements each of size *elsize* bytes and returns
+   Allocates *nelem* elements each whose size in bytes is *elsize* and returns
    a pointer of type :c:expr:`void*` to the allocated memory, or ``NULL`` if the
    request fails. The memory is initialized to zeros.
 
@@ -368,7 +368,7 @@ The :ref:`default object allocator <default-memory-allocators>` uses the
 
 .. c:function:: void* PyObject_Calloc(size_t nelem, size_t elsize)
 
-   Allocates *nelem* elements each of size *elsize* bytes and returns
+   Allocates *nelem* elements each whose size in bytes is *elsize* and returns
    a pointer of type :c:expr:`void*` to the allocated memory, or ``NULL`` if the
    request fails. The memory is initialized to zeros.
 

Doc/c-api/module.rst

@@ -247,15 +247,6 @@ Feature slots
    If ``Py_mod_multiple_interpreters`` is not specified, the import
    machinery defaults to ``Py_MOD_MULTIPLE_INTERPRETERS_SUPPORTED``.
 
-   For historical reasons, the values are declared as pointers (``void *``).
-   When using :c:type:`PySlot` arrays, use :c:macro:`PySlot_DATA` for
-   :c:macro:`!Py_mod_multiple_interpreters`:
-
-   .. code-block:: c
-
-      PySlot_DATA(Py_mod_multiple_interpreters,
-                  Py_MOD_PER_INTERPRETER_GIL_SUPPORTED)
-
    .. versionadded:: 3.12
 
 .. c:macro:: Py_mod_gil
@@ -281,14 +272,6 @@ Feature slots
    If ``Py_mod_gil`` is not specified, the import machinery defaults to
    ``Py_MOD_GIL_USED``.
 
-   For historical reasons, the values are declared as pointers (``void *``).
-   When using :c:type:`PySlot` arrays, use :c:macro:`PySlot_DATA` for
-   :c:macro:`!Py_mod_gil`:
-
-   .. code-block:: c
-
-      PySlot_DATA(Py_mod_gil, Py_MOD_GIL_NOT_USED)
-
    .. versionadded:: 3.13
 
 

Doc/c-api/typeobj.rst

@@ -2975,13 +2975,13 @@ Buffer Object Structures
    steps:
 
    (1) Check if the request can be met. If not, raise :exc:`BufferError`,
-       set ``view->obj`` to ``NULL`` and return ``-1``.
+       set :c:expr:`view->obj` to ``NULL`` and return ``-1``.
 
    (2) Fill in the requested fields.
 
    (3) Increment an internal counter for the number of exports.
 
-   (4) Set ``view->obj`` to *exporter* and increment ``view->obj``.
+   (4) Set :c:expr:`view->obj` to *exporter* and increment :c:expr:`view->obj`.
 
    (5) Return ``0``.
 
@@ -3007,10 +3007,10 @@ Buffer Object Structures
    schemes can be used:
 
    * Re-export: Each member of the tree acts as the exporting object and
-     sets ``view->obj`` to a new reference to itself.
+     sets :c:expr:`view->obj` to a new reference to itself.
 
    * Redirect: The buffer request is redirected to the root object of the
-     tree. Here, ``view->obj`` will be a new reference to the root
+     tree. Here, :c:expr:`view->obj` will be a new reference to the root
      object.
 
    The individual fields of *view* are described in section
@@ -3064,7 +3064,7 @@ Buffer Object Structures
    *view* argument.
 
 
-   This function MUST NOT decrement ``view->obj``, since that is
+   This function MUST NOT decrement :c:expr:`view->obj`, since that is
    done automatically in :c:func:`PyBuffer_Release` (this scheme is
    useful for breaking reference cycles).