Skip to content

gh-149231: tomllib: Limit the number of parts in a key#149233

Merged
encukou merged 2 commits intopython:mainfrom
encukou:tomllib-update
May 4, 2026
Merged

gh-149231: tomllib: Limit the number of parts in a key#149233
encukou merged 2 commits intopython:mainfrom
encukou:tomllib-update

Conversation

@encukou
Copy link
Copy Markdown
Member

@encukou encukou commented May 1, 2026
edited by bedevere-app Bot
Loading

This roughly syncs up with latest tomli. I excluded the (growing number of) mypyc-specific parts.

@encukou encukou requested a review from hauntsaninja as a code owner May 1, 2026 14:48
@bedevere-app bedevere-app Bot mentioned this pull request May 1, 2026
Open
gpshead
gpshead approved these changes May 2, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@gpshead gpshead left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cute re-use of recursionlimit. i could argue for just declaring a max nesting constant instead but realistically the important thing is having a limit at all. this works.

@encukou
Copy link
Copy Markdown
Member Author

encukou commented May 4, 2026

What's invisible here is that tomllib.loads('a = ' + '['*1000 + '0' + ']'*1000) also raises RecursionError, due to an implementation detail -- an actual recursive parser.

@encukou encukou merged commit bc7c102 into python:main May 4, 2026
63 checks passed
@encukou encukou deleted the tomllib-update branch May 4, 2026 11:49
@encukou encukou added needs backport to 3.11 only security fixes needs backport to 3.12 only security fixes needs backport to 3.13 bugs and security fixes needs backport to 3.14 bugs and security fixes needs backport to 3.15 pre-release feature fixes, bugs and security fixes labels May 11, 2026
@miss-islington-app
Copy link
Copy Markdown

miss-islington-app Bot commented May 11, 2026

Thanks @encukou for the PR 🌮🎉.. I'm working now to backport this PR to: 3.13.
🐍🍒⛏🤖

@miss-islington-app
Copy link
Copy Markdown

miss-islington-app Bot commented May 11, 2026

Thanks @encukou for the PR 🌮🎉.. I'm working now to backport this PR to: 3.11.
🐍🍒⛏🤖

@miss-islington-app
Copy link
Copy Markdown

miss-islington-app Bot commented May 11, 2026

Thanks @encukou for the PR 🌮🎉.. I'm working now to backport this PR to: 3.12.
🐍🍒⛏🤖

@miss-islington-app
Copy link
Copy Markdown

miss-islington-app Bot commented May 11, 2026

Thanks @encukou for the PR 🌮🎉.. I'm working now to backport this PR to: 3.15.
🐍🍒⛏🤖

@miss-islington-app
Copy link
Copy Markdown

miss-islington-app Bot commented May 11, 2026

Thanks @encukou for the PR 🌮🎉.. I'm working now to backport this PR to: 3.14.
🐍🍒⛏🤖

@miss-islington-app
Copy link
Copy Markdown

miss-islington-app Bot commented May 11, 2026

Sorry, @encukou, I could not cleanly backport this to 3.11 due to a conflict.
Please backport using cherry_picker on command line.

cherry_picker bc7c102f3462a9f014f3ac2546acfb471b2a7eae 3.11

@miss-islington-app
Copy link
Copy Markdown

miss-islington-app Bot commented May 11, 2026

Sorry, @encukou, I could not cleanly backport this to 3.13 due to a conflict.
Please backport using cherry_picker on command line.

cherry_picker bc7c102f3462a9f014f3ac2546acfb471b2a7eae 3.13

@miss-islington-app
Copy link
Copy Markdown

miss-islington-app Bot commented May 11, 2026

Sorry, @encukou, I could not cleanly backport this to 3.12 due to a conflict.
Please backport using cherry_picker on command line.

cherry_picker bc7c102f3462a9f014f3ac2546acfb471b2a7eae 3.12

@miss-islington-app
Copy link
Copy Markdown

miss-islington-app Bot commented May 11, 2026

Sorry, @encukou, I could not cleanly backport this to 3.14 due to a conflict.
Please backport using cherry_picker on command line.

cherry_picker bc7c102f3462a9f014f3ac2546acfb471b2a7eae 3.14

@bedevere-app
Copy link
Copy Markdown

bedevere-app Bot commented May 11, 2026

GH-149677 is a backport of this pull request to the 3.15 branch.

@bedevere-app bedevere-app Bot removed the needs backport to 3.15 pre-release feature fixes, bugs and security fixes label May 11, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gpshead gpshead gpshead approved these changes

@StanFromIreland StanFromIreland StanFromIreland approved these changes

@hauntsaninja hauntsaninja Awaiting requested review from hauntsaninja hauntsaninja is a code owner

Assignees

@encukou encukou

Labels

needs backport to 3.11 only security fixes needs backport to 3.12 only security fixes needs backport to 3.13 bugs and security fixes needs backport to 3.14 bugs and security fixes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@encukou @gpshead @StanFromIreland